Government IT and Public Benefits Systems

A ransomware attack on government technology contractor Conduent is now believed to have exposed deeply sensitive personal and medical data on tens of millions of Americans who rely on state agencies and public health programs. The Safeway ransomware gang hit Conduent in January 2025, stealing more than 8 terabytes of data, but only in recent months have state disclosures revealed the scale: at least 15.4 million residents in Texas and 10.5 million in Oregon, plus hundreds of thousands more in Delaware, Massachusetts, New Hampshire and other states. The compromised information includes names, Social Security numbers, medical details and health‑insurance data—long‑lived identifiers that can fuel identity theft, insurance fraud and targeted scams—and many affected people may have no idea their data ever passed through Conduent’s systems. Conduent, which processes information for large corporations and state agencies and supports services for more than 100 million people nationwide, told the SEC that a 'significant number' of end users’ records were stolen but has not said how many individuals are ultimately affected. Notifications are expected to continue into early 2026, meaning millions could wait months before learning their data was compromised, even as security experts and consumer advocates warn on social platforms that the combination of SSNs and health records is among the most dangerous kinds of breach for ordinary Americans.