6Pre-AdvancedBusinessBusiness

Conduent Data Breach Expands to Affect Millions More Americans

A ransomware attack on government technology contractor Conduent has grown far beyond initial estimates. At least 25 million Americans have had their personal and health data stolen, with the final count potentially reaching 100 million. The incident raises urgent questions about cybersecurity oversight in the public sector.

2 min readLevel 6February 6, 2026

Vocabulary

Study these words before reading the article. Click the audio button to hear pronunciation.

breach

/briːtʃ/

noun

An incident where private or protected information is accessed or stolen without permission.

“The data breach exposed millions of customers' personal records to criminal hackers.”

exfiltrate

/ˌeksˈfɪltreɪt/

verb

To secretly remove or steal data from a computer system without authorization.

“The attackers managed to exfiltrate terabytes of sensitive files before being detected.”

disbursement

/dɪsˈbɜːrsmənt/

noun

The payment or distribution of money, especially from a fund or account.

“The company handles billions of dollars in annual disbursements for government programs.”

cascade

/kæˈskeɪd/

verb

To spread or pass on rapidly, often in a way that increases in effect or impact.

“A security failure at one vendor can cascade through an entire supply chain.”

escalate

/ˈeskəleɪt/

verb

To increase rapidly in size, intensity, or seriousness.

“The number of affected individuals continued to escalate as the investigation progressed.”

vulnerability

/ˌvʌlnərəˈbɪləti/

noun

A weakness in a system or organization that can be exploited or attacked.

“The audit revealed a critical vulnerability in the company's network security infrastructure.”

Listen to Article

0:00 / 0:00

Article

Click on any underlined word to see its definition. Highlighted words are from the vocabulary section.

A massive data breach at Conduent has ballooned into one of the largest in recent history. The government technology contractor, which serves over 100 million Americans, suffered a ransomware attack in January 2025. Hackers had accessed the company's network undetected for nearly three months. The scope of the breach has escalated dramatically since it was first disclosed. Cybersecurity experts warn that the full scale remains unknown.

Initially, Conduent reported that approximately four million people in Texas were affected. However, updated filings reveal that 15.4 million Texans alone had their data compromised. An additional 10.5 million individuals were affected in Oregon. Hundreds of thousands more have been notified across Delaware, Massachusetts, and other states. The stolen data includes names, Social Security numbers, medical records, and health insurance details.

Conduent provides critical technology services to government agencies and major corporations nationwide. The company processes roughly 85 billion dollars in annual disbursements for its clients. The SafePay ransomware group claimed responsibility, alleging it had exfiltrated 8.5 terabytes of data. At least nine class action lawsuits have already been filed against the company. Conduent has incurred an estimated 25 million dollars in breach-related costs.

This incident underscores a growing vulnerability in government-linked technology infrastructure. When private contractors handle sensitive public data, a single breach can cascade across state lines. Conduent's spokesperson declined to confirm whether all 100 million users could be affected. The company plans to conclude notifying affected individuals by early 2026. Had Conduent implemented stronger cybersecurity measures earlier, the damage might have been significantly reduced.

Comprehension Quiz

Test your understanding of the article with these multiple-choice questions.

1
How many people in Texas were ultimately affected by the Conduent data breach?
2
Which ransomware group claimed responsibility for the attack on Conduent?
3
How long did hackers have access to Conduent's network before being detected?
4
What is Conduent's estimated total cost related to the data breach?
5
What type of data was stolen in the breach?

Discussion

Answer these comprehension questions about the article.

1
What type of cyberattack did Conduent experience, and how long did hackers have access to its systems?
2
How has the estimated number of affected individuals changed since the breach was first reported?
3
What kinds of personal information were stolen in the Conduent data breach?
4
Why does the article describe Conduent as a 'government technology contractor,' and why does this make the breach particularly serious?
5
What financial consequences has Conduent faced as a result of the breach so far?

Further Discussion

Share your opinions on these open-ended questions.

1
If you were a senior executive at Conduent, what steps would you prioritize to restore stakeholder confidence after a breach of this magnitude?
2
Should government agencies be allowed to outsource the handling of sensitive citizen data to private contractors? What safeguards would you recommend?
3
How would you assess the reputational risk for a company like Conduent, and what long-term impact might this breach have on its business relationships?
4
If you were advising a company on vendor risk management, what cybersecurity requirements would you insist on before signing a contract?
5
Do you think current data protection regulations are sufficient to prevent breaches of this scale, or should governments impose stricter oversight on technology contractors?