Conduent — SafePay ransomware (govtech contractor)
Govtech contractor Conduent confirmed a January 2025 ransomware breach now exposed personal data of more than 25 million Americans across multiple US states.
- Target
- Conduent — SafePay ransomware (govtech contractor)
- Date public
- 26 February 2026
- Sector
- Government
- Attack type
- Ransomware
- Threat actor
- SafePay
- Severity
- Critical
- Region
- United States
State filings made through February 2026 confirmed that the January 2025 ransomware breach at government-services contractor Conduent has exposed personal data for more than 25 million Americans — a sharp increase from the company’s October 2025 estimate of around 4 million. Texas alone reported 15.4 million residents affected; Oregon reported 10.5 million.
The intrusion was claimed by the SafePay ransomware group. Reporting indicates attackers were resident in Conduent’s environment for around three months and exfiltrated approximately 8 TB of data before deploying ransomware, which knocked out Conduent’s operations for several days in January 2025. Exposed data includes names, Social Security numbers, dates of birth, medical records, health-insurance details, and treatment information — much of it processed by Conduent on behalf of state Medicaid and benefits programmes.
On 22 February 2026, the Texas Attorney General opened a probe into the breach and Conduent’s response. Reporting in Prism News and elsewhere has framed the incident as potentially the largest US data breach by affected-person count.
A deep-dive will follow once SafePay’s intrusion chain, the dwell-time forensics, and the state-by-state notification rollout are publicly documented.
Sources
- Texas Attorney General — investigation announcement, Conduent breach // primary
- TechCrunch — Conduent breach balloons, affecting millions more Americans // reporting
- Malwarebytes — the Conduent breach, from 10 million to 25 million // reporting
- HIPAA Journal — Texas AG investigates Conduent breach // reporting