Far from a routine cyber incident, a prolonged and sophisticated attack on a major business services provider has now emerged as one of the largest data breaches in recent years. New regulatory disclosures show that sensitive personal information of more than 25.9 million people in the US has been compromised.
The breach hit Conduent, with attackers linked to the SafePay ransomware operation stealing nearly 8 terabytes of data. The intrusion went undetected for almost 3 months, significantly widening its impact.
Breach timeline and scope
Investigations confirm that unauthorised access to Conduent’s systems occurred between October 21, 2024, and January 13, 2025. During this period, attackers systematically exfiltrated large volumes of files before the activity was identified and contained.
Early estimates in early 2025 had pointed to a smaller number of affected users. However, updated filings in February 2026 revealed that the scale of the breach had grown substantially, affecting at least 25.9 million individuals. Most of the impacted users are recipients of government services in Texas and Oregon.
Highly sensitive data exposed
The stolen information includes names, Social Security numbers, dates of birth, medical records, and health insurance details. Experts warn that this combination of data creates long-term risks of identity theft and financial fraud.
Texas has been the worst affected, with data of 15.4 million residents compromised, close to half of the state’s population. Oregon authorities have confirmed that 10.5 million records linked to state services were also exposed.
Impact beyond government services
The breach has disrupted multiple state agencies that depend on Conduent for processing Medicaid, SNAP, and child support services. The exposure extends beyond public-sector clients, with corporate organisations such as Volvo Group also reporting employee data exposure.
Conduent secured its systems in January and later acknowledged the breach. However, the delayed understanding of its full scale has triggered regulatory scrutiny and staggered notifications to affected individuals.
Victims are now receiving alerts advising them to place fraud warnings on credit files and remain vigilant against misuse of their personal and medical data.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
