Data breach that went unnoticed in October 2024 may have left millions of Americans vulnerable

The company where the breach happened is facing several litigations with class action lawsuits.

PUBLISHED FEB 10, 2026

Cover Image Source: Photo by Tima Miroshnichenko |Pexels

Americans have it hard enough to get by, thanks to rising prices and unemployment. Now, reports of a serious data breach that could affect millions are doing the rounds. Perhaps the worst-affected state is Texas, where, reportedly, the sensitive information of about half of its residents might be seriously compromised. The breach led to information like Social Security numbers and health insurance being made public, and evidently, no one is happy about this development.

Lower-income Americans waiting for Thanksgiving meals (Cover image source: Getty Images | Spencer Platt) — Representative image of American citizens. (Image source: Getty Images | Spencer Platt)

The data breach took place at Conduent, whose systems were hacked by the SafePay ransomware group in October 2024. This breach remained unnoticed for three months until January 13, 2025. In those three months of uninterrupted access to the data of millions of Americans, the SafePay ransomware group claimed that it siphoned roughly 8.5 terabytes of data from Conduent’s systems, as per a report in The New York Post.

Data Breach Concepts. Fingerprint with abstract data on digital screen. Credit: Vertigo3D

The ransomware group listed Conduent on its dark web leak site in February 2025 and threatened to publish the data if a ransom was not paid, as per the report. There are no reports of Conduent contacting the group. The ones affected, as is always the case, will be the American public. Recently, the state of Texas revised the number of people who might be affected from 4 million to a whopping 15.4 million. That is a 285% increase.

Representative image of a cyber criminal. (Image credit: Getty Images | Witthaya Prasongsin)

Several other states have been affected by the breach. Oregon reported that an estimated 10.5 million people might have had their data leaked thanks to the breach. Victims in other states like Delaware, Massachusetts, and New Hampshire number in the hundreds of thousands. The breach has sparked a series of litigations, with multiple class action lawsuits consolidated in federal court in New Jersey, slamming Conduent for not adequately safeguarding its personal data.

Masked Anonymous Hacker Organizes malware Attack on Global Scale. Credit: Thana Prasongsin

Not only was Conduent unable to safeguard personal information, but it also remained oblivious to the data theft that went on for three months. The company could face significant damages, regulatory penalties, and long-term fallout with state government clients. What’s worse is that it might even see people in power crack down hard. The company handles backend systems for state governments nationwide, everything from Medicaid claims and eligibility systems to child support payments, food assistance, and unemployment insurance.

Representative image of a person affected by a data breach. (Image credit: Getty Images | Olga Pankova)

As per the report, Conduent agencies in 46 states support government healthcare programs serving about 120 million people, processing more than 500 million Medicaid claims each year, and disbursing billions of dollars each year.

The SafePay ransomware group even listed Conduent on its dark web leak site in February 2025, but as per the latter, no such listing exists as of this writing. “Both Conduent and our third-party experts monitor the dark web regularly and have no evidence of any personal information being released on the dark web,” the company said in a statement.

More on Market Realist:

Millions of Walmart shoppers are being targeted by scammers — FCC issues major warning

Authorities issue major warning about a letter scam being sent out to dupe taxpayers

Hackers send hundreds of thousands of scam texts to New Yorkers — should you be worried?