A ransomware attack on government technology giant Conduent has ballooned into one of the largest data breaches in recent history, affecting at least 25.9 million Americans - and the final count could soar much higher. The January 2025 breach, which initially appeared to impact 4 million Texans, now reveals a far more catastrophic scope as state attorneys general across the country report staggering victim numbers. With Conduent handling personal and health data for over 100 million Americans through government contracts, the company's silence on total victim counts is raising alarm bells across Washington.
The scale of the Conduent breach is unprecedented in govtech. What started as a January 2025 ransomware attack that knocked out operations for several days has metastasized into a data exposure event affecting tens of millions of Americans - with the final victim count still unknown.
Texas alone saw 15.4 million residents impacted, accounting for roughly half the state's population. That's a dramatic escalation from the 4 million initially reported in October. Oregon's attorney general confirmed another 10.5 million affected residents. Add in the hundreds of thousands notified across Delaware, Massachusetts, New Hampshire, and other states, and you're looking at a breach that could dwarf most corporate data disasters in recent memory.
The stolen information reads like a hacker's wish list. Names, Social Security numbers, medical data, and health insurance details - the kind of sensitive information that fuels identity theft and insurance fraud for years. And that's just what Conduent has acknowledged so far.
Here's what makes this particularly nasty: Conduent is one of America's largest government contractors, processing personal and sensitive data on behalf of corporations, federal agencies, and state governments. The company's own marketing materials that its technology reaches more than 100 million people across various government healthcare programs. That's nearly one in three Americans.
