Conduent Confirms Data Breach Affecting Over 10 Million People
BPO firm Conduent has confirmed a major data breach that may have compromised the personal information of more than 10 million individuals. The intrusion began in October 2024 but was only discovered in January 2025 after disruptions were reported by state agencies, including the Wisconsin Child Support Trust Fund.
Details of the Cyberattack
- Cybercriminals had access to Conduent’s systems for nearly three months.
- Stolen data included names, Social Security numbers, birth dates, medical records, and health insurance information.
- Initial investigations showed no signs of data misuse, but the risk of identity theft and financial fraud remains high.
Company Response and Impact
Conduent has spent approximately US $25 million addressing the breach and continues to manage possible legal challenges and reputational damage.
Attribution and Threats
In February 2025, the ransomware group SafePay claimed responsibility, stating it had extracted 8.5 terabytes of data and threatened to publish or sell it unless Conduent met their demands.
The breach impacted several government and healthcare clients, including Blue Cross Blue Shield in Montana and Texas, along with various state agencies.
Author’s Summary
This significant breach highlights the sustained risks of cyber intrusions in outsourcing firms, emphasizing urgent need for stronger security measures to protect sensitive personal data.