• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

0

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

A data breach from more than a year ago may be far larger than initially disclosed. The giant government technology company Conduent suffered a major ransomware attack in January 2025 that knocked out services across multiple U.S. states for several days.

The HIPAA Journal reported that at least 10 million people were affected by the data breach with the company needing several months to determine how widespread the damage was. This was confirmed in a September 2025 SEC statement.

Another SEC filing revealed that the stolen information included personal information like Social Security numbers, patient records, and health insurance information. A hacker group calling itself SAFEEPAY Ransomware has claimed responsibility for the breach.

Conduent is a major government contractor that handles a massive amount of sensitive information for multiple U.S. states. Oregon, for example, has Conduent handle some EBT or Snap benefits for its residents. Conduent itself says that it supports "approximately 100 million US residents across various government health programs."

Most states have laws that require companies to send out data breach notification letters. These notices include information on the breach itself and usually contain a code to get free access to one of the best identity theft protection services for 12 to 24 months.

Notices for affected states have been sent out across Delaware, Indiana, Maine, Massachusetts, New Hampshire, Oregon and Vermont.

Strangely, Oregon's DOJ lists the breach as affecting nearly 10.5 million people across the state. That state only has a listed population of 4.9 million total. I have reached out to the Oregon attorney general's office for clarification though.

A Conduent spokesperson told TechCrunch that the company has been working to “conduct a detailed analysis of the affected files to identify the personal information." Reportedly, they would not confirm how many notifications it has sent out of if 100 million people were caught up in the breach.

The company has said it plans to finish sending notifications by "early 2026."

How to stay safe after a data breach

At some point, you are likely to receive a data breach notice from one or more companies you do business with or even ones you indirectly do. Fortunately, there are steps you can take to stay safe after a breach.

As mentioned above, usually companies that are hit by cyberattacks will provide at least a year of credit tracking and sometimes access to an identity theft protection service. Take advantage of those tools if they are offered.

If they don't, you'll want to invest in one of them on your own. Normally, you need to invest in identity theft protection before a breach even happens, but it doesn't hurt to sign up after.

As always, you'll want to be on high alert for phishing attacks and social engineering attacks, especially ones that urge you to "act now." Avoid clicking on any links, QR codes, or attachments from unknown senders.

Consider a password overhaul by coming up with strong, complex passwords for all of your accounts but you can also use one of the best password managers to do so for you instead.

Finally, just in case, make sure you close any old online accounts that aren't in use. The fewer accounts you have, the less likely you'll be hacked or have the sensitive data associated with those accounts exposed online.

This breach seems to be growing, and we'll update this article if any more information surfaces about the Conduent leak.

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.

More from Tom's Guide

• Panera data breach hits over 5 million customers — names, emails, phone numbers and physical addresses exposed
• 149 million logins and passwords exposed for Gmail, Facebook, Instagram and more — everything you need to know
• Nike currently 'investigating a potential cybersecurity incident' as 1.4TB of data allegedly stolen