Conduent Hit by Record-Breaking Data Breach

- The ransomware group SafePay, which emerged in late 2024, has claimed responsibility for the attack, stating they exfiltrated 8.5 terabytes of files. The group threatened to publish the stolen data, which includes names, Social Security numbers, and medical histories, if their ransom demands were not met. - Attackers had access to Conduent's network for nearly three months, from October 21, 2024, to January 13, 2025, before the intrusion was detected and stopped. This extended dwell time allowed for the systematic exfiltration of large amounts of data. - The breach has had a direct impact on the operations of state government services, including the processing of Medicaid claims, child support payments, and food assistance programs in states like Wisconsin and Oklahoma. - The total number of affected individuals has grown significantly over time, from an initial estimate of 10 million in early 2025 to over 25 million by February 2026. Texas was the hardest-hit state, with the number of affected residents surging from 4 million to over 15 million. - Conduent anticipates spending at least $25 million on breach notification and response costs, some of which it expects to be covered by its cyber insurance policy. - Multiple class-action lawsuits have been filed against the company, alleging negligence in protecting sensitive data and delays in notifying the public. Additionally, the Texas Attorney General launched an investigation into the breach in February 2026. - The breach also impacted corporate clients, including Volvo Group North America, which had the data of nearly 17,000 employees exposed. - The initial public indication of a problem was an operational disruption in January 2025 that caused delays in child support payments in Wisconsin. Conduent did not publicly confirm it was a cyberattack until later and began sending formal breach notifications to individuals in October 2025.