A ransomware attack that caused a massive data breach for one of the largest government contractors in the U.S. keeps expanding. In early February, it was reported that 10 million people were impacted by the Conduent breach a year after it was discovered.
Now though, it's been revealed that the breach may affect more than 25 million individuals across the country. Wisconsin's Department of Agriculture, Trade and Consumer Protection updated its data breach notification page recently, confirming that high number.
Our early reporting floated the number, but it didn't totally make sense since Oregon was reporting 10 million affected in a state that only has a population of nearly 5 million.
For the unfamiliar, Conduent provides services including payment and document processing for multiple state government benefit operations. These include food assistance and unemployment benefits. Conduent itself says that its service reaches more than 100 million people across the country.
However, since that January 2025 admission, the breach has continued to grow. Conduent has yet to say how the breach happened or how many people are actually affected though.
The numbers have largely come from various state agencies. So far, the majority of impacted people are from Texas and Oregon, with notices sent out in Massachusetts, New Hampshire, Washington and Wisconsin.
Exposed data includes names, addresses, dates of birth, Social Security numbers, health insurance and medical information.
Conduent's data breach is large and apparently growing, but so far it's not the largest. To date, the Change Healthcare breach from 2024 has impacted over 190 million people.
How to stay safe in a data breach
Data breaches can be quite impactful. I received a breach notice from Conduent indicating that some of my information was exposed. Strangely, I only recently received the notice despite the letter's date of December 31, 2025.
Fortunately, there are steps that I will be taking to stay safe.
For starters, Conduent is offering complimentary identity monitoring services. If a company offers credit monitoring or access to one of the best identity theft protection services, from a notice, you should take advantage of those tools.
Additionally, you can claim up to one free credit report a year, so that might be something to consider. You can also place a fraud alert on your credit file by contacting the major credit agencies like Equifax, Experian or TransUnion. These alerts typically last 90 days and are free to set up.
As always, you'll want to be on high alert for phishing attacks and social engineering attacks, especially ones that urge you to "act now." Avoid clicking on any links, QR codes, or attachments from unknown senders.
Beyond that, you should consider a password overhaul by creating strong, complex passwords for all of your accounts but you can also use one of the best password managers to do so for you instead.
Conduent has been cagey with information regarding this breach, so it's not clear if it will continue to expand. We'll keep an eye on things in case they do though.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
