Search

Conduent Data Breach Balloons, Affecting Millions More Americans

Cyber threats and incidents
By John Kevin Hao

Related

Cyber threats and incidents

Multiple US Healthcare Data Breaches Expose Millions of Patient Records

What happened Several major healthcare data breaches have been added...
Read more
Cyber threats and incidents

Grafana Labs Refuses to Pay Ransom After Codebase Theft

What happened Grafana Labs confirmed over the weekend that an...
Read more
Cyber threats and incidents

UK Water Company Fined After Hackers Lurked Undetected for Nearly Two Years

What happened The UK's Information Commissioner's Office fined South Staffordshire...
Read more
Cyber threats and incidents

OpenLoop Health Data Breach Confirmed at 716,000 Individuals

What happened The scale of a data breach at telehealth...
Read more
Cyber threats and incidents

Škoda Online Shop Security Incident Exposes Customer Data

What happened Škoda Auto has disclosed a security incident affecting...
Read more

Share

What happened

A ransomware attack on government technology contractor Conduent has expanded to affect far more individuals than initially reported after stolen personal data was discovered to include millions more Americans. According to the report, the breach stems from a January 2025 incident in which attackers exfiltrated sensitive information from Conduent systems used by federal and state agencies. Previously disclosed figures estimated that roughly 4 million people were impacted, but subsequent notifications indicate that at least 15.4 million Texans and another 10.5 million people in Oregon, among others, have had personal data exposed as part of the same incident. Conduent acknowledged that the stolen datasets contain a “significant number of individuals’ personal information associated with our clients’ end-users” and that it is continuing the process of notifying affected individuals, with completion expected by early 2026. The company did not provide a precise total number of affected people but noted the expanded scope across multiple states. 

Who is affected

Individuals whose personal information was stored in government or corporate systems managed by Conduent are affected, with state notifications indicating millions more impacted across Texas, Oregon, Delaware, Massachusetts, New Hampshire, and potentially other jurisdictions. 

Why CISOs should care

The continued expansion of the Conduent breach demonstrates how large-scale data exfiltration in managed services environments can grow in scope as investigations reveal more exposed populations, raising identity and privacy risk across multiple public and private sectors. 

3 practical actions

  • Track notification progress. Monitor state and vendor notifications for updates on affected cohorts. 
  • Review breach impact data. Aggregate and analyze available breach scope information to assess risk to organizational stakeholders. 
  • Strengthen third-party oversight. Reevaluate controls and vetting for service providers handling sensitive personal information. 
IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

Previous article
Leaked Technical Documents Show China Rehearsing Cyberattacks on Neighbors’ Critical Infrastructure
Next article
React2Shell Vulnerability Abused to Deliver AI-Generated Malware

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.