Conduent Breach Expands: 15.4 Million Texans Affected, 8TB

Executive Summary

The fallout from the January 2025 ransomware attack on Conduent, one of the largest government technology services providers in the United States, continues to expand dramatically. As of February 2026, the breach is now confirmed to affect at least 15.4 million people in Texas alone — roughly half the state's population.

The Safeway ransomware gang claims responsibility, stating they exfiltrated over 8 terabytes of sensitive data.

Breach Timeline

Jan 2025    — Conduent systems compromised by Safeway ransomware group
Jan 2025    — Initial disclosure: "cybersecurity incident" affecting some systems
Mid 2025    — Investigation reveals scope far larger than initially reported
Late 2025   — Breach notifications begin rolling out to affected individuals
Feb 2026    — Texas confirms 15.4 million residents affected
Feb 2026    — Safeway gang claims 8TB+ of stolen data

What Was Stolen

The stolen data includes some of the most sensitive categories of personal information:

Data Type	Confirmed
Full names	Yes
Social Security numbers	Yes
Medical records	Yes
Health insurance information	Yes
Government benefit program data	Yes
Addresses and contact information	Yes

Scale of Impact

15.4 million confirmed affected in Texas alone
National impact likely significantly higher (Conduent operates across multiple states)
One of the largest government-adjacent data breaches in U.S. history

Who Is Conduent?

Conduent is a $3.5 billion government technology services provider that processes:

Government benefit programs — Medicaid, SNAP, child support
Health and human services — Case management, eligibility determination
Transportation — Tolling, parking, transit fare collection
HR services — Payroll, benefits administration

The company processes sensitive data for government agencies across dozens of states, making it a high-value target for ransomware operators.

Supply Chain Risk in Focus

This breach is a case study in third-party vendor risk:

The Chain of Trust

Citizens → Government Agency → Conduent (processor) → Breach
 
15.4M+ individuals trusted their state government with sensitive data.
The state trusted Conduent to handle it securely.
Conduent was compromised.

Similar Government Vendor Breaches

Year	Vendor	Impact
2023	MOVEit (Progress)	2,000+ organizations, 60M+ individuals
2024	Change Healthcare	100M+ patients
2025	CDK Global	15,000+ auto dealerships
2025-26	Conduent	15.4M+ (Texas alone)

Lessons for Security Teams

Third-Party Risk Management

Vendor security assessments — Conduct regular security reviews of vendors handling sensitive data
Data minimization — Limit the data shared with third parties to what's strictly necessary
Contractual protections — Require breach notification within 24-48 hours, not months
Monitoring — Implement monitoring for data exfiltration from vendor-connected systems
Backup processors — Identify alternative vendors that can assume operations during an incident

Incident Response

Assume breach notification delays — Plan for the reality that vendor breach disclosures often come months after the actual compromise
Identity monitoring — Offer affected individuals credit monitoring and identity theft protection
Regulatory compliance — Understand notification obligations under state data breach laws

For Affected Individuals

If you receive a breach notification from Conduent or your state agency:

Freeze your credit with all three bureaus (Equifax, Experian, TransUnion)
Monitor benefit accounts for unauthorized changes
Enable fraud alerts on financial accounts
File an identity theft report if you notice suspicious activity
Take advantage of offered monitoring — Most notifications include free credit monitoring

The Ransomware Supply Chain Playbook

Ransomware groups have learned that targeting infrastructure providers creates maximum leverage:

One breach → millions affected — Conduent processes data for entire state populations
Government data = high value — SSNs, medical records, and benefit information command premium prices
Regulatory pressure — Government contracts mean additional compliance obligations and public scrutiny
Payment incentive — Disrupting government services creates urgency to pay

Sources

Executive Summary

The Safeway ransomware gang claims responsibility, stating they exfiltrated over 8 terabytes of sensitive data.

Breach Timeline

Jan 2025    — Conduent systems compromised by Safeway ransomware group
Jan 2025    — Initial disclosure: "cybersecurity incident" affecting some systems
Mid 2025    — Investigation reveals scope far larger than initially reported
Late 2025   — Breach notifications begin rolling out to affected individuals
Feb 2026    — Texas confirms 15.4 million residents affected
Feb 2026    — Safeway gang claims 8TB+ of stolen data

What Was Stolen

The stolen data includes some of the most sensitive categories of personal information:

Data Type	Confirmed
Full names	Yes
Social Security numbers	Yes
Medical records	Yes
Health insurance information	Yes
Government benefit program data	Yes
Addresses and contact information	Yes

Scale of Impact

15.4 million confirmed affected in Texas alone
National impact likely significantly higher (Conduent operates across multiple states)
One of the largest government-adjacent data breaches in U.S. history

Who Is Conduent?

Conduent is a $3.5 billion government technology services provider that processes:

Government benefit programs — Medicaid, SNAP, child support
Health and human services — Case management, eligibility determination
Transportation — Tolling, parking, transit fare collection
HR services — Payroll, benefits administration

The company processes sensitive data for government agencies across dozens of states, making it a high-value target for ransomware operators.

Supply Chain Risk in Focus

This breach is a case study in third-party vendor risk:

The Chain of Trust

Citizens → Government Agency → Conduent (processor) → Breach
 
15.4M+ individuals trusted their state government with sensitive data.
The state trusted Conduent to handle it securely.
Conduent was compromised.

Similar Government Vendor Breaches

Year	Vendor	Impact
2023	MOVEit (Progress)	2,000+ organizations, 60M+ individuals
2024	Change Healthcare	100M+ patients
2025	CDK Global	15,000+ auto dealerships
2025-26	Conduent	15.4M+ (Texas alone)

Lessons for Security Teams

Third-Party Risk Management

Vendor security assessments — Conduct regular security reviews of vendors handling sensitive data
Data minimization — Limit the data shared with third parties to what's strictly necessary
Contractual protections — Require breach notification within 24-48 hours, not months
Monitoring — Implement monitoring for data exfiltration from vendor-connected systems
Backup processors — Identify alternative vendors that can assume operations during an incident

Incident Response

Assume breach notification delays — Plan for the reality that vendor breach disclosures often come months after the actual compromise
Identity monitoring — Offer affected individuals credit monitoring and identity theft protection
Regulatory compliance — Understand notification obligations under state data breach laws

For Affected Individuals

If you receive a breach notification from Conduent or your state agency:

Freeze your credit with all three bureaus (Equifax, Experian, TransUnion)
Monitor benefit accounts for unauthorized changes
Enable fraud alerts on financial accounts
File an identity theft report if you notice suspicious activity
Take advantage of offered monitoring — Most notifications include free credit monitoring

The Ransomware Supply Chain Playbook

Ransomware groups have learned that targeting infrastructure providers creates maximum leverage:

One breach → millions affected — Conduent processes data for entire state populations
Government data = high value — SSNs, medical records, and benefit information command premium prices
Regulatory pressure — Government contracts mean additional compliance obligations and public scrutiny
Payment incentive — Disrupting government services creates urgency to pay

Conduent Breach Expands: 15.4 Million Texans Affected, 8TB

Affected Products

Executive Summary

Breach Timeline

What Was Stolen

Scale of Impact

Who Is Conduent?

Supply Chain Risk in Focus

The Chain of Trust

Similar Government Vendor Breaches

Lessons for Security Teams

Third-Party Risk Management

Incident Response

For Affected Individuals

The Ransomware Supply Chain Playbook

Sources

Iron Mountain Responds to Everest Ransomware Breach Claims

CVE-2026-32238: Critical Command Injection in OpenEMR Backup Functionality

Critical CORS + Path Traversal in TinaCMS CLI Dev Server

Conduent Breach Expands: 15.4 Million Texans Affected, 8TB

Affected Products

Executive Summary

Breach Timeline

What Was Stolen

Scale of Impact

Who Is Conduent?

Supply Chain Risk in Focus

The Chain of Trust

Similar Government Vendor Breaches

Lessons for Security Teams

Third-Party Risk Management

Incident Response

For Affected Individuals

The Ransomware Supply Chain Playbook

Sources

Iron Mountain Responds to Everest Ransomware Breach Claims

CVE-2026-32238: Critical Command Injection in OpenEMR Backup Functionality

Critical CORS + Path Traversal in TinaCMS CLI Dev Server

Affected Products

Executive Summary

Breach Timeline

What Was Stolen

Scale of Impact

Who Is Conduent?

Supply Chain Risk in Focus

The Chain of Trust

Similar Government Vendor Breaches

Lessons for Security Teams

Third-Party Risk Management

Incident Response

For Affected Individuals

The Ransomware Supply Chain Playbook

Sources

Related Reading

Affected Products

Executive Summary

Breach Timeline

What Was Stolen

Scale of Impact

Who Is Conduent?

Supply Chain Risk in Focus

The Chain of Trust

Similar Government Vendor Breaches

Lessons for Security Teams

Third-Party Risk Management

Incident Response

For Affected Individuals

The Ransomware Supply Chain Playbook

Sources

Related Reading