Persistent data breaches are on the rise, affecting at least 25 million people

The fallout from a ransomware attack on one of the largest government contractors in the United States It continues to increase: More than 25 million people have now had their personal data stolen in the hack.

Conduent provides printing, mailroom, document processing and payments services for state government benefit operations, such as food assistance, as well as workplace and unemployment benefits for large businesses. As such, the Company handles a large amount of personal information relating to a large area of ​​the United States. conductor He says Its technology and operational support services reach more than 100 million people.

But since the January 2025 cyberattack, for which the ransomware group claimed responsibility, the giant has said little about the data breach, such as how it happened and how many people were affected.

Update to Wisconsin data breach notification page status The Conduent breach is now shown to affect at least 25 million people across the United States.

TechCrunch’s ongoing tally of the various data breach notification letters we’ve seen also stands at around 25 million people, with Oregon (10.5 million) and Texas (15.4 million) accounting for the majority of those affected. Other data breach notices seen by TechCrunch include a few hundred thousand individuals across Massachusetts, New Hampshire, and Washington.

The breach is known to have compromised individuals’ names, dates of birth, addresses, Social Security numbers, health insurance information, and medical data.

Conduent said little outside of its data breach notifications, and in some cases made it difficult for affected individuals to learn more about the breach.

A page on the Conduent website titled “Accident Notice” which was published in October 2025 at the same time as the first data breach notification, does not explicitly refer to a cybersecurity incident. The page has a “noindex” flag hidden in its source code, which tells search engines not to list the page in search results, making it difficult for anyone searching the web to find it.

When TechCrunch reached out to Conduent spokesperson Sean Collins, he did not say how many notifications the company had sent so far, or why the company hid notice of the incident from search engines.

The Conduent hack has been described as one of the “biggest hacks ever”, but it is likely behind the Change Healthcare hack, which… It affected more than 190 million people Following a ransomware attack in February 2024. A Russian-speaking ransomware gang stole large amounts of health and medical data from Change Healthcare using ransomware. Stolen credentials Which was not protected by multi-factor authentication, prompting the healthcare tech giant to at least pay a ransom to hold it Most of the data stolen Offline.