Visualização de leitura

↗️

The Conduent breach; from 10 million to 25 million (and counting)

✇Malwarebytes

The Conduent breach has quietly grown into one of the biggest third‑party data incidents in US history, and the real story now is how many different programs and employers are swept up in it, even for people who have never heard of Conduent.

When we first covered this incident, public filings suggested roughly 10.5 million affected individuals, heavily concentrated in Oregon and a few other states. Fresh state notifications reportedly put the total at more than 25 million people across the US, with Texas alone jumping from an early estimate of about 4 million to 15.4 million residents impacted, and Oregon holding at around 10.5 million.

That makes this one of the largest healthcare‑related breaches on record, with attackers reportedly spending about three months in Conduent’s environment and exfiltrating around 8 TB of data.

How are so many people affected who have never heard of Conduent?

In 2019, Conduent said its systems supported services for more than 100 million people nationwide and served a majority of Fortune 100 companies plus more than 500 government entities. That shows just how broad the potential blast radius is, even if not all of those records were touched in this incident.

Conduent sits behind the scenes of a major portion of US public services and corporate back‑office work, which explains why the victim list looks so disconnected. Its platforms handle:

  • State benefit programs such as Medicaid, SNAP (Supplemental Nutrition Assistance Program), and other government payment disbursements in more than 30 states.
  • Mailroom, printing, and payment processing for state benefit offices and healthcare programs, including large health insurers like Blue Cross Blue Shield plans.
  • Corporate services for major employers, including at least one large automotive manufacturer; nearly 17,000 Volvo Group employees are confirmed among those whose data was exposed.

Who stole what?

The cyberattack was later claimed by the SafePay ransomware gang.

SafePay claims Conduent breach
Image courtesy of Comparitech

The stolen data goes far beyond contact details. Notification letters and regulator filings describe:

  • Full legal names, postal addresses, and dates of birth.
  • Social Security numbers and other government identifiers.
  • Medical information, health insurance details, and related claims data.

Because Conduent processes benefits and HR data on behalf of agencies and employers, most people affected never interacted with Conduent directly and may not even recognize the name on the envelope. If you received SNAP benefits, Medicaid coverage, other state‑administered healthcare, or worked for an organization that outsources HR or claims administration to Conduent (or one of its clients), your data may have flowed through its systems even though your “customer relationship” was with a state agency, insurer, or employer.

Why this is worse than it first looked

There are three reasons why this follow‑up story is more serious than the original:

  • More people are involved: The raw numbers climbed from 10 million to 25 million as more states and corporate clients disclosed involvement, showing how opaque third‑party breaches can be at the start.
  • Forever identifiers: SSNs plus medical and insurance data enable long‑tail identity theft, medical fraud, and highly targeted phishing that can haunt victims for years.
  • Third-party blind spot: For many covered entities, “the breach” will never show up in their own logs because the compromise happened in a vendor’s environment they rely on but do not control.

So when an unexpected letter from Conduent arrives, it’s not a mistake. It’s a reminder that your data can be put at risk far away from the organizations you thought you were dealing with—and that the real exposure from this breach extends well beyond the numbers in any single state filing.

Conduent breach notification letter
Conduent breach notification letter

Depending on which of your data was compromised, you may receive a slightly different letter. If you receive one, you could read our guide on what to do after a data breach to understand your next steps.

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.


↗️

Volvo Group hit in massive Conduent data breach

✇Security Affairs
Por:Pierluigi Paganini

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people.

A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly 17,000 of its employees, making it one of several major companies affected by the large-scale breach.

SecurityWeek reports that the breach now affects far more people than first thought: Texas sees 15 million impacted (up from 4 million) and over 10 million individuals in Oregon are also affected.

In November 2025, the company confirmed that January 2025 breach exposed the personal data of over 10M people, including names, addresses, DOBs, SSNs, and health and insurance info.

In April 2025, the business services provider revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack.

In January, the company announced that a cyberattack caused service disruptions after agencies in multiple US states reported outages. Wisconsin and Oklahoma noted impacts on payments and customer support.

Conduent disclosed that hackers accessed its network from October 21, 2024, to January 13, 2025, stealing personal data of users, including SSNs, DOBs, addresses, and health info. The company notified affected individuals and is offering free identity protection.

The Safepay ransomware group claimed the attack in February 2025.

Conduent, which provides printing, mailroom, document processing, payment integrity, and other back-office services, notified individuals about a data breach on behalf of Volvo Group. Volvo told the Maine Attorney General that 16991 employees were affected. The company said it only became aware of the incident in January 2026, months after the breach occurred.

“On behalf of our clients, Conduent Business Services, LLC (“Conduent”) provides third-party printing/mailroom services, document processing services, payment integrity services, and other back-office support services. We are writing to inform you about a recent incident experienced by Conduent that may have involved some of your personal information, which came into our possession due to the services that we provide to your current or former health plan.” reads the data breach notification sent to the impacted individuals and shared with the Maine Attorney General Office. “While we are unaware of any attempted or actual misuse of any information involved in this incident, we are providing you with information about the incident and steps you can take to protect yourself, should you feel it necessary.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

❌