More than 10 million impacted by breach of government contractor Conduent

The prominent government contractor Conduent informed multiple states this week that a cybersecurity incident in January exposed the information of more than 10 million people.

In breach notification documents, Conduent said an investigation into the incident revealed that hackers had access to the company’s network from October 21 to January 13 — allowing them to steal troves of files associated with their work in multiple U.S. states. 

“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement,” the company said. 

Conduent has dozens of contracts with state governments to provide technology solutions for programs involving Medicaid, child support, food assistance, roadway tolls and more. It disburses about $85 billion in government payments annually and handles 2.3 billion customer service interactions each year. 

The company said it “supports approximately 100 million U.S. residents across various government health programs, helping state and federal agencies deliver critical services while reducing costs, increasing program participation and improving compliance.”

Conduent did not respond to requests for comment.

‘Disciplined recovery’

Conduent said more than 400,000 people had information exposed in Texas, with data that included Social Security numbers, medical information and health insurance data. 

About 76,000 people in Washington, 48,000 in South Carolina, 10,000 in New Hampshire and 378 in Maine were affected. The company also filed breach notices in Oregon, Massachusetts, California and New Hampshire. 

In January, the company told Recorded Future News that it “experienced an operational disruption due to a third-party compromise” of one of their operating systems. 

“This compromise was quickly contained and our technology environment is currently considered to be free of known malicious activity as confirmed by our third-party security experts,” the spokesperson said. “The required disciplined recovery caused several days of disruption to many of our operations.”

News of the incident initially emerged when the Wisconsin Department of Children and Families told state residents that Conduent was experiencing a system outage preventing them from processing payments received by mail.

Parents and beneficiaries complained about the outages, telling local news outlets they were struggling to make payments. Wisconsin said at the time that at least three other states were also dealing with outages that were impacting payments sent to people via electronic transfer or an EBT card. 

Conduent reported revenue of $754 million in the last fiscal quarter and said it spent about $2 million “related to investigating, remediating and responding to the cyber event that occurred in January 2025.”

The attack was claimed in February by the SafePay ransomware gang, which said it stole 8.5 TB of data.

In an Securities and Exchange Commission (SEC) filing in April, Conduent confirmed the hackers “exfiltrated a set of files associated with a limited number of the Company’s clients.” 

“Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals’ personal information associated with our clients' end-users,” the company said. 

“To the Company’s knowledge, the exfiltrated data has not been released on the dark web or otherwise publicly.”

The company noted that its cyber insurance policy would help cover some of the costs that came with responding to the incident and said that federal law enforcement was involved.