Conduent — a major government contractor that manages Medicaid, child support, welfare, tolling, and other state-run systems — suffered a large-scale cyberattack that exposed personal data belonging to more than 10 million Americans.

Hackers infiltrated Conduent’s network from October 21, 2024, to January 2025, remaining undetected for nearly three months. The breach involved theft of sensitive information tied to multiple state programs. Some of the stolen data includes Social Security numbers, medical records, and health insurance details, with at least 400,000 Texans affected. Impacted states also include Washington, South Carolina, New Hampshire, Maine, Oregon, Massachusetts and California.

The SafePay ransomware group later claimed responsibility, asserting it stole 8.5 terabytes of data. Conduent’s SEC filing confirmed that attackers exfiltrated files from a subset of clients. The breach caused operational disruptions early in 2025, temporarily halting services like child support payments in some states.

Conduent says there is no current evidence that the stolen data has been published or used maliciously. The company secured its systems, hired external forensic experts, notified law enforcement, and is now sending breach notifications on behalf of its clients. A dedicated call center is available for affected individuals.

The article also lists recommended steps for consumers to protect themselves after such breaches, including using data-removal services, monitoring accounts, installing antivirus protection, enabling two-factor authentication, using password managers, and considering identity theft protection services.