The Conduent Breach Just Hit 25 Million Americans—Half of Texas Is Affected

If you've ever applied for Medicaid, received unemployment benefits, or used government assistance programs in Texas, Oregon, or several other states, your most sensitive personal information may now be in criminal hands.

A January 2025 ransomware attack on Conduent, one of America's largest government technology contractors, has ballooned into one of the worst data breaches in U.S. history. The company handles personal and health data for more than 100 million Americans, and the breach has now been confirmed to affect at least 25 million people—with 15.4 million victims in Texas alone, roughly half the state's population.

The Safeway ransomware gang has claimed credit for the attack, boasting that they stole over 8 terabytes of data from Conduent's systems.

What Data Was Stolen

This isn't a breach of email addresses and usernames. The stolen data includes some of the most sensitive information Americans possess:

• Social Security numbers: The key to identity theft
• Medical records: Diagnoses, treatments, and health history
• Health insurance information: Policy numbers and coverage details
• Full names and addresses: Current contact information
• Dates of birth: Combined with SSN, enables full identity theft

This combination of data is particularly dangerous because it enables both financial fraud and medical identity theft—criminals can open credit accounts in your name and bill fraudulent medical services to your insurance.

The Scope Keeps Growing

When Conduent first disclosed the breach, the company downplayed the impact. But as state attorneys general have filed reports, the true scale has emerged:

• Texas: 15.4 million affected (approximately half the state's population)
• Oregon: 10.5 million affected
• Other states: Numbers still being tallied

Legal experts now estimate the final victim count could exceed 25 million individuals, which would rank this among the top five largest healthcare data breaches ever recorded in the United States.

Why Government Contractors Are Prime Targets

Conduent processes data for state Medicaid programs, unemployment insurance systems, child support enforcement, and other government services. This makes them an extraordinarily valuable target for several reasons:

Centralized data: Instead of attacking 50 state agencies individually, hackers can breach one contractor and access data from multiple states simultaneously.

Sensitive populations: People using government assistance programs are often more vulnerable to fraud and less likely to have resources to recover from identity theft.

Compliance pressure: Government contracts often prioritize cost savings over security investments, creating gaps that sophisticated attackers can exploit.

The Legal Fallout

The breach has triggered a wave of legal action:

• 10+ federal class action lawsuits have been filed and consolidated in New Jersey federal court
• State attorneys general are investigating in multiple jurisdictions
• Conduent has already spent $9 million on breach response and expects to spend another $16 million through Q1 2026

For affected individuals, Conduent is offering two years of free credit monitoring. The deadline to enroll is March 31, 2026.

What to Do If You're Affected

If you've used any government assistance program in Texas, Oregon, or other states served by Conduent, take these steps immediately:

• Freeze your credit: Contact all three credit bureaus (Equifax, Experian, TransUnion) to place a security freeze. This prevents anyone from opening new accounts in your name.
• Enroll in Conduent's credit monitoring: Even if you're skeptical, take advantage of the free monitoring before the March 31, 2026 deadline.
• Monitor your health insurance: Watch for Explanation of Benefits (EOB) statements for services you didn't receive—this is a sign of medical identity theft.
• File an IRS Identity Protection PIN: Prevent tax fraud by requesting an IP PIN from the IRS at irs.gov/ippin.
• Watch for phishing: Criminals may use the stolen data to craft convincing scam emails about your benefits or health coverage. Verify everything through official channels.

The Bottom Line

The Conduent breach is a stark reminder that your most sensitive data often sits with companies you've never heard of. Government contractors handle everything from your tax returns to your medical records, and when they fail to secure that data, millions of people pay the price.

If you've ever received government benefits in affected states, don't wait for a notification letter. Assume your data was exposed and take protective action now. The criminals who bought this data aren't waiting.