Conduent Business Services, LLC, a significant player in the government technology sector responsible for managing healthcare claims, payments, and various back-office operations, is grappling with the fallout from a substantial cyber breach. Notification letters to millions of affected individuals began to arrive this month, revealing that an unauthorized intruder had accessed sensitive systems from October 21, 2024, to January 13, 2025, leading to the theft of personal data affecting tens of millions.

The extent of the breach was initially disclosed in Conduent’s SEC filing in April 2025, but recent reports indicate a broader impact than first estimated. Texas alone has seen the number of affected individuals jump from 4 million to approximately 15.4 million, while Oregon has reported about 10.5 million impacted residents, contributing to a total victim count now exceeding 25 million. This breach stands as one of the largest of 2025, although it remains smaller than the 193 million cases associated with Change Healthcare in 2024.

The Safepay ransomware group has claimed responsibility for the breach, asserting via their dark web leak site that they exfiltrated over 8 terabytes of sensitive data, including names, Social Security numbers, addresses, medical histories, and health insurance information. Although Conduent has acknowledged the data theft, the company has not confirmed the specific link to the ransomware group or the total volume of the compromised data. The group, notorious for targeting high-value sectors such as healthcare and government, has attacked over 73 victims and infected around 260 systems.

Despite the alarming nature of the breach, there have been no public data dumps thus far. The incident has nonetheless raised concerns about the potential risks associated with third-party operations. Texas Attorney General Ken Paxton has launched an investigation, characterizing this incident as possibly the largest healthcare breach in U.S. history.

Conduent has reported approximately $25 million in response costs associated with the breach, with partial coverage through insurance. Fortunately, operational disruptions were minimal, with only brief interruptions in mailroom, payment, and benefits services.

The incident began with the hacker infiltrating a limited segment of the network and exfiltrating client files without detection, until Conduent eventually detected the breach on January 13, 2025. The company quickly contained the situation, restored systems, and notified law enforcement. Subsequent notifications to clients began rolling out in late 2025 to early 2026, with full consumer alerts expected by mid-April 2026.

Users are encouraged to remain vigilant against identity theft by monitoring their credit reports and reviewing any theft or fraud alerts. Conduent has established a support hotline for affected individuals to address their concerns.

This incident underscores the vulnerabilities inherent in government contracting and the importance of robust cybersecurity measures. As investigations continue, additional details regarding this breach are anticipated, with regular updates expected from state Attorney General portals.
