Conduent Data Breach – Largest Data Breach in U.S. History As Ransomware Group Stolen 8 TB of Data

Conduent Data Breach Notification Letters Sent to Millions as Ransomware Group Claims 8 Terabytes Stolen in One of the Largest U.S. Incidents.

Letters began reaching affected individuals this month detailing a major data breach at Conduent Business Services, LLC, a government technology contractor that processes payments, healthcare claims, and back-office services for clients nationwide.

The company confirmed that an unauthorized third party accessed its systems for nearly three months in late 2024 and early 2025, exfiltrating files containing personal information for tens of millions of Americans.The breach, first publicly disclosed by Conduent in an April 2025 SEC filing, has ballooned in scope.

Recent state regulatory reports show at least 15.4 million people affected in Texas alone (up from an initial estimate of 4 million), with earlier filings indicating 10.5 million impacted in Oregon and hundreds of thousands more across other states.

Multiple outlets now estimate the total exceeds 25 million individuals, making it one of the largest data breaches disclosed in 2025 and among the biggest healthcare- and government-related incidents in U.S. history — though still smaller than the 2024 Change Healthcare breach that affected nearly 193 million people.

Ransomware Group Claims Responsibility

The Safepay (also referred to as SafePay or Safeway in some reports) ransomware group claimed responsibility shortly after the incident.

The group posted on its dark web leak site in early 2025, asserting it stole more than 8 terabytes (some claims specify 8.5 TB) of data, including names, Social Security numbers, addresses, medical histories, health insurance details, and other sensitive records.

Conduent has not confirmed the ransomware claim or the exact volume of data taken but has acknowledged the exfiltration of client-related files.

Timeline of the Incident

• October 21, 2024 – January 13, 2025: Unauthorized access to a limited portion of Conduent’s network.
• January 13, 2025: Conduent discovered the cyber incident, which caused temporary operational disruptions to government services (including mailroom, payment processing, and benefits administration). The company quickly contained the breach with third-party forensic experts, restored systems within days, and notified law enforcement.
• April 9, 2025 SEC 8-K Filing (the “old breach sec filing” now referenced in light of ongoing notifications): Conduent stated a “threat actor” exfiltrated files tied to a limited number of clients. Due to the files’ complexity, the company engaged data-mining experts. It confirmed the datasets contained “a significant number of individuals’ personal information associated with our clients’ end-users.” The filing noted no material operational impact or public release of data on the dark web at the time, but the company accrued “material non-recurring expenses” for potential notifications and maintained cyber insurance coverage.
• Late 2025 – February 2026: Notifications to affected individuals began rolling out on behalf of Conduent’s clients (government agencies and private entities). The company expects to complete consumer notifications by mid-April 2026.

The sample notification letter provided to affected persons reads in part:

“On January 13, 2025, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network. … An unauthorized third party had access to our environment from October 21, 2024, to January 13, 2025, and obtained some files associated with <<Client Name>>. … The affected files contained your name and the following: <<Data Elements>>. Presently, we have no evidence or indication of actual or attempted misuse of your personal information.”

Conduent emphasized it is unaware of any misuse and has restored systems and notified authorities. The letter directs recipients to monitor credit reports, review the enclosed “Steps You Can Take to Help Protect Your Information,” and contact a dedicated assistance line at 855-291-2608.

Company Response and Costs

In its initial SEC disclosure, Conduent reported no material impact to operations but later filings referenced approximately $25 million in non-recurring costs related to the response and notifications (as of Q1 2025 estimates).

The company continues to work with clients on regulatory compliance and individual notifications.Texas Attorney General Ken Paxton launched an investigation in February 2026, describing the incident as potentially one of the largest healthcare data breaches in U.S. history. Conduent has not commented publicly on the ransomware group’s claims beyond its regulatory filings.

What Affected Individuals Should Do

The company advises remaining vigilant against identity theft and fraud. Recommended steps include:

• Monitoring credit reports and accounts for suspicious activity.
• Placing a fraud alert or credit freeze with the major bureaus.
• Using strong, unique passwords and enabling multi-factor authentication.
• Being wary of phishing attempts referencing the breach.

Conduent stated it sincerely regrets any inconvenience and has set up a call center for questions.This evolving story highlights the risks third-party service providers pose to sensitive government and healthcare data.

As notifications continue and investigations deepen, the full scope, and any potential data leaks, may become clearer in the coming weeks.For the latest updates, affected individuals should check official state attorney general breach portals or contact Conduent directly using the information in their notification letter.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Conduent Data Breach – Largest Data Breach in U.S. History As Ransomware Group Stolen 8 TB of Data appeared first on Cyber Security News.