Conduent Confirms Data Breach Affecting Over 10 Million People
BPO firm Conduent has confirmed a significant data breach that potentially exposed the personal information of more than 10 million individuals. Investigations show the intrusion began in October 2024 but was only detected in January 2025 after disruptions were reported by several state agencies, including the Wisconsin Child Support Trust Fund.
Details of the Breach
Cybercriminals maintained access to Conduent’s network for nearly three months. The compromised data included:
- Names
- Social Security numbers
- Birth dates
- Medical records
- Health-insurance details
Although Conduent initially found no signs of data misuse, the company acknowledged a continuing risk of identity theft and financial fraud.
Response and Impact
Conduent has spent approximately $25 million in direct response efforts. The company remains exposed to potential legal challenges and reputational harm.
Perpetrators and Claims
Cybersecurity experts suspect a ransomware gang was responsible. In February 2025, the SafePay group claimed credit, stating it had extracted 8.5 terabytes of data and threatened to release or sell it unless their demands were met.
The breach affected several government and healthcare clients, such as Blue Cross Blue Shield in Montana and Texas, as well as multiple state agencies.
Author's summary: Conduent's data breach exposed sensitive information of over 10 million people, highlighting ongoing risks despite mitigation efforts and underscoring the persistent threat of ransomware attacks.