10 million Americans affected by government contractor data breach

Data breaches affect all types of companies, from hospitals to technology companies and large retailers. Now a major government contractor has joined that list.

Conduent, which manages critical public services across the United States, says hackers infiltrated its systems for nearly three months. The cyberattack exposed personal information linked to more than 10 million people.

All about the Conduent gap and its scale

Conduent discovered the intrusion in January 2025 and said hackers had infiltrated its network as early as October 21, 2024. During this period, attackers allegedly stole large amounts of data linked to state-level programs such as Medicaid, child support, food assistance and tolling systems. Conduent claims its investigation found no ongoing malicious activity and said operations were safely restored after containing the breach.

Conduent manages technology and payment systems for dozens of U.S. state governments, processes approximately $85 billion in annual disbursements, and handles more than 2 billion customer service interactions each year. By its own estimates, it supports about 100 million residents through various government health and wellness programs.

DATA BROKER HACK IMPACTS 364,000 INDIVIDUALS’ DATA

The company reported that at least 400,000 people in Texas were affected, with data compromised, including Social Security numbers, medical records and health insurance details. Other affected states include Washington, South Carolina, New Hampshire, Maine, Oregon, Massachusetts and California. Notifications are being sent to all affected individuals and a dedicated call center has been established to answer questions about the breach.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

How the Conduent breach unfolded

In January, Conduent described the event as an “operational disruption caused by a third-party compromise.” The breach caused several days of downtime, disrupting vital services in several states. In Wisconsin, for example, parents and beneficiaries were unable to process payments due to system outages, leaving many struggling to meet obligations related to child support and welfare programs.

The SafePay ransomware group later claimed responsibility for the attack, claiming it had stolen 8.5 terabytes of data. Conduent confirmed in a filing with the Securities and Exchange Commission (SEC) that hackers had indeed extracted files belonging to a limited number of clients. The company says it hired cybersecurity experts to analyze the stolen data and recently confirmed that it contained significant amounts of end users’ personal information across multiple programs.

Despite the massive theft, Conduent said there is currently no evidence that the stolen data was posted online or on dark web markets.

HACKERS HIT ONLINE STORES WITH NEW ATTACK

We reached out to Conduent for comment and a company representative provided CyberGuy with the following statement:

“As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident. In connection with that incident, Conduent agreed to send notification letters, on behalf of its clients, to individuals whose personal information may have been affected by this incident. Additionally, a dedicated call center has been created to address consumer inquiries. At this time, Conduent has no evidence of any intent or use actual misappropriation of any information potentially affected by this incident.

“Upon discovering the incident, Conduent acted quickly to secure its networks, restore its systems and operations, notify authorities, and conduct an investigation with the assistance of third-party forensic experts. Additionally, given the nature and complexity of the data involved, Conduent has been working diligently with a dedicated review team, including internal and external experts, to conduct a detailed analysis of the affected files to identify the personal information contained within them, which was a time-consuming process. Conduent takes this matter seriously and regrets any inconvenience caused. this incident could have caused.”

Six Steps You Can Take to Protect Yourself from a Conduent Data Breach

If your information may have been exposed in the Conduent breach or any similar data breach, you are not without defenses. There are several steps you can take right now to reduce your risks.

1) Consider a personal data removal service

Data brokers collect and sell personal information such as your name, home address, phone number, and family names. This data can be used for scams or social engineering attacks. Personal data deletion services find these records on dozens of sites and submit deletion requests on your behalf.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

HACKERS STEAL MEDICAL RECORDS AND FINANCIAL DATA OF 1.2 MILLION PATIENTS IN MASSIVE HEALTH CARE Breach

2) Monitor your accounts regularly

After a major data breach, one of the most effective ways to protect yourself is to stay vigilant. Review your bank and credit card statements every few days for unusual transactions, even small ones. Monitor your benefit accounts or tax returns for irregular activity. Early detection gives you time to freeze accounts or stop fraudulent charges before they escalate.

3) Install a reliable antivirus program

Antivirus software is your first line of defense against cyber threats that often follow large breaches. The stolen data can be used to launch targeted phishing attacks or spread malware through fake links and emails. A reliable antivirus solution actively scans for malicious activity, blocks suspicious downloads, and keeps your devices safe from new online threats through automatic updates.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

OVER 8 MILLION PATIENT RECORDS LEAKED IN HEALTH CARE DATA BREACH

4) Enable two-factor authentication (2FA)

Even if your login credentials are compromised, two factor authentication (2FA) can prevent attackers from entering. It requires sending an additional code to your phone, email, or authenticator app, making unauthorized access nearly impossible. Enable 2FA on your bank, email, and government-related accounts, as these often contain the most sensitive information.

5) Use a password manager

Many breaches occur because people reuse the same password across multiple websites. A password manager eliminates that risk by creating and storing strong, unique passwords for each account.

Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

6) Consider an identity theft protection service

Identity theft protection services monitor your personal data through multiple sources, including the dark web and public records. Identity theft companies can monitor personal information such as your social security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com.

Kurt’s Key Takeaway

Although Conduent claims that the stolen data has not appeared online, that does not mean it is safe. Data exfiltration on this scale has long-term implications, from identity theft to potential fraud within public benefits systems. The real test will be how both Conduent and its government partners adapt their cybersecurity oversight to prevent similar breaches. Because at this point, the question is not whether these systems will be attacked again, but whether they will be better prepared when that happens.

CLICK HERE TO DOWNLOAD THE APP ON News

Do you think government contractors who handle sensitive information should face stricter cybersecurity regulations? Let us know by writing to us at Cyberguy.com.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.