Patriot Brief
- What Happened: A data breach at government tech contractor Conduent now affects over 25 million Americans, nearly triple the original estimate of 10 million.
- Why It Matters: The SafePay ransomware group stole over 8 terabytes of data including names, Social Security numbers, and medical information.
- Bottom Line: Conduent says it has no evidence of misuse yet and expects to notify all affected consumers by April 15.
Another day, another massive data breach that is way worse than anyone initially admitted.
Conduent, a business technology firm handling medical billing, toll transactions, and government prepaid card programs, suffered a data breach that began in October 2024. When the company first started notifying consumers last fall, officials estimated about 10 million people were affected. That number has now exploded to more than 25 million Americans.
The Conduent breach keeps getting worse, now stretching into the tens of millions of affected Americans as state disclosures roll in. Names, Social Security numbers, medical and insurance records were exposed in a ransomware attack that went undetected for months. This is exactly… pic.twitter.com/b9N4RkWTTl
— TransCrypts (@transcrypts_) February 7, 2026
Texas alone now accounts for at least 15.4 million victims, up from an earlier estimate of just 4 million. Oregon's attorney general confirmed over 10 million people were affected in that state. Conduent has also reached out to hundreds of thousands of people in Delaware, Massachusetts, New Hampshire, and other states.
The ransomware group known as SafePay claimed responsibility for the attack and said it stole over 8 terabytes of data during the intrusion. That includes names, Social Security numbers, and medical information belonging to millions of everyday Americans who had no idea their private data was sitting in a government contractor's system.
Conduent data breach exposed 25 million Americans – including half of Texas https://t.co/aW2sX6icLy pic.twitter.com/6haEhlplco
— New York Post (@nypost) February 9, 2026
Conduent told Fox Business it expects to send all consumer notifications by April 15 and has set up a dedicated call center to handle inquiries. The company says it has no evidence of any attempted or actual misuse of the stolen information and claims its dark web monitoring has not turned up any signs of leaked data.
That is not exactly reassuring. A ransomware gang stole 8 terabytes of your most sensitive personal information and we are supposed to feel comfortable because they have not posted it yet.
This is what happens when the government outsources sensitive data to private contractors with inadequate security. Millions of Americans trusted these systems with their Social Security numbers and medical records. That trust was completely violated.
If you think you may be affected, watch your accounts closely and consider placing a credit freeze immediately.