A data breach at authorities know-how big Conduent seems to have an effect on much more folks than first disclosed, with the variety of victims probably stretching to dozens of hundreds of thousands of individuals throughout the US.
The January 2025 ransomware assault, which knocked out Conduent’s operations for a number of days, is now identified to have an effect on at the least 15.4 million folks in Texas alone, accounting for about half of the state’s inhabitants. Conduent mentioned in October that 4 million folks throughout the state had been affected.
One other 10.5 million persons are affected throughout Oregon, per the state’s legal professional common.
Conduent has additionally notified lots of of hundreds of individuals throughout Delaware, Massachusetts, New Hampshire, and different states, based on data breach notifications seen by information.killnetswitch.
The stolen knowledge contains people’ names, Social Safety numbers, medical knowledge and medical health insurance info.
One of many largest authorities contractors as we speak, Conduent handles and processes giant quantities of non-public and delicate info on behalf of enormous firms, authorities departments, and several other U.S. states. The corporate says its know-how and operational help companies attain greater than 100 million folks in the US throughout numerous authorities healthcare applications.
When contacted with a number of questions concerning the data breach, Conduent spokesperson Sean Collins supplied a boilerplate assertion that didn’t handle the questions, nor did they reply if Conduent is aware of what number of people are affected by the cyberattack. The spokesperson wouldn’t say if the breach impacts greater than 100 million folks.
Collins mentioned that the corporate has been working to “conduct an in depth evaluation of the affected recordsdata to determine the non-public info” taken within the breach, however wouldn’t say what number of data breach notifications the corporate has despatched out up to now.
Little else is thought concerning the breach, and the corporate has disclosed few particulars. Conduent disclosed the cyberattack in April, months after hackers knocked out the corporate’s methods, which resulted in outages to authorities companies throughout the US.
The Safeway ransomware gang took credit score for the breach, claiming to have stolen over 8 terabytes of knowledge.
In a later SEC submitting, the corporate mentioned that the stolen knowledge units “contained a big variety of people’ private info related to our shoppers’ end-users,” referring to its company and authorities prospects.
Conduent additionally mentioned it’s persevering with to inform people whose knowledge was stolen within the breach, and plans to conclude alerting people by early 2026. The corporate didn’t give a extra particular timeline.
Are you aware extra concerning the Conduent cyberattack? You’ll be able to contact Zack Whittaker on Sign by way of the username zackwhittaker.1337 or by e-mail: zack.whittaker@techcrunch.com.
