- Conduent suffered a ransomware attack that exposed the personal data of 15.4 million Texans and many more nationwide.
- The Safeway Ransomware Gang stated that they obtained over 8 Terabytes of personal data that included Social Security numbers, medical records, and health plan information.
- The attack represents one of the largest breaches of sensitive data from a government contractor, as Conduent provides data processing services for government programs.
Originally, a cyberattack appeared to be small, then grew to pose an enormous threat to millions of Americans.
In January 2025, Conduent, a large contractor of technology for the government, experienced a ransomware attack in Texas that initially affected about four million individuals.
The total now reaches 15.4 million, and reports from Oregon put another 10.5 million people at risk from the same cyberattack, with hundreds of thousands more from Delaware, Massachusetts, and New Hampshire added to the list.
Safeway ransomware group exfiltrates 8 terabytes of data
On Nov. 14, 2021, the Safeway Ransomware Gang claimed responsibility for the attack and blocked all of the company’s systems, causing the company to have many services that it provides to state or federal governments shut down on a nationwide basis.
According to the group, they obtained more than eight terabytes of extremely confidential information from Conduent as leverage to receive ransom payment.
On April 1, 2025, Conduent acknowledged its data breach to the public. Examples of the types of consumer data that were compromised include: name, Social Security number, and medical and health insurance data. Taken collectively, this type of data creates opportunities for identity thieves, healthcare fraudsters, and targeted scams.
Conduent processes information on behalf of many large corporations, state agencies, and government healthcare programs that serve over 100 million people throughout the United States.
The company processes data for large corporations, state agencies, and government healthcare programs serving more than 100 million people across the United States.
When companies handling this much sensitive data are breached, it reignites debates about whether regulators like the FCC under Ajit Pai’s leadership did enough to protect consumer privacy, or whether their policies left Americans more vulnerable to exactly this kind of massive data exposure.
Conduent filed a disclosure with the SEC acknowledging that hackers stole personal information from a “significant number” of individuals, people who rely on government agencies and corporate programs, but may not even realize that Conduent stores their data.
A Conduent spokesperson told CyberGuy: “As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident. Conduent has agreed to send notification letters on behalf of its clients to individuals whose personal information may have been affected.
The spokesperson continued: “Upon noticing the event, Conduent moved instantly to shut off its networks, restore its systems as well as operations, notify law enforcement, and conduct an investigation with the assistance of third-party forensics experts.”
The company said that Conduent and its third-party experts regularly monitor the dark web and have found no personal information exposed.
Conduent expects to complete all notifications by early 2026. The company set up a dedicated call center to address consumer inquiries and states it has found no evidence of misuse of the stolen information so far.
How to protect yourself now
Healthcare and government data breaches differ from retail breaches. Credit card companies can cancel and replace compromised cards within days. You cannot change or replace Social Security numbers or medical records because they are permanent. These identifiers stay with you for life.
Place a credit freeze with Equifax, Experian, and TransUnion immediately. The cost-free service helps avoid unauthorized opening of an account under your name by an offender without having any signifying permission. Regularly, monitor your credit reports for new accounts you do not recognize, new addresses, or credit inquiries.
A password manager helps you generate strong, distinct passwords for each account that you have. An attacker may conduct a credential stuffing attack using personal info if they obtain yours, even if you use unique passwords. Many password managers alert you whenever a data breach compromises your password.
Also, since your email ID is the key to accessing almost all other accounts, make sure to have your email account secured with a strong password using an authentication process (e.g., through a phone call) in addition to having an SMS-based 2nd Factor of Authentication (2FA).
Use antivirus software that protects you from malicious links and phishing attempts to block those types of attacks for your security. After a significant breach has occurred in the past, there have been follow-up attacks targeting victims with follow-up scams that promise help after the fact.
Use identity theft monitoring services, tracking Social Security numbers and dark web activity to stay alert to potential risks. You must maintain ongoing monitoring whenever hackers expose your Social Security number.
Share this article
About the Author
Farwa is an experienced InfoSec writer and cybersecurity journalist skilled in writing articles related to cybersecurity, AI, DevOps, Big Data, Cloud security, VPNs, IAM, and Cloud Computing. Also a contributor on Tripwire.com, Infosecurity Magazine, Security Boulevard, DevOps.com, and CPO Magazine.
More from Farwa SajjadRelated Posts
Microsoft Warns of New OAuth Phishing Attacks Targeting Cloud Accounts
Microsoft is warning of new cyber attacks using OAuth redirect features to abuse user authentication...
NCSC Chief: Clear Rules Needed to Prevent Cyberspace Conflict and Struggle
A safe and secure digital world necessitates a clear definition and enforcement of international cyb...
‘Revive’ has been upgraded to a banking Trojan on Android
This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild....
Asian Industrial Control Systems Targeted by Hackers Using the Shadowpad Backdoor
Unpatched Microsoft Exchange servers in various Asian countries were the target of an attack campaig...
Data Breaches Could Occur Due to Kubernetes Misconfigurations That Were Leaked.
Over 900,000 Kubernetes (K8s) have been discovered to be vulnerable to malicious scans and/or data-e...
Attacks by Cybercriminals Will Become the Main Threat in 2024. Privacy Issues Tendencies
Internet Privacy is the main Concern today Advertisers track your online activities and interf...
