Conduent Confirms Data Breach Affecting Over 10 Million People
BPO firm Conduent has verified a significant data breach that potentially exposed sensitive information of more than 10 million individuals.
Timeline and Discovery
Forensic analysis determined the breach started in October 2024 but was not detected until January 2025. The detection followed reports of system disruptions from multiple state agencies, including the Wisconsin Child Support Trust Fund.
Extent of the Breach
- Cybercriminals accessed Conduent’s network for nearly three months.
- Compromised data comprised names, Social Security numbers, birth dates, medical records, and health insurance details.
Immediate Responses and Risks
Although no confirmed misuse of stolen data was initially found, Conduent acknowledged ongoing risks related to identity theft and financial fraud.
Cybersecurity experts suggest the attack was orchestrated by a ransomware gang.
Aftermath and Legal Impact
- Conduent has incurred approximately $25 million in direct response costs.
- The company is facing potential legal challenges and damage to its reputation.
- Several government and healthcare clients were impacted, including Blue Cross Blue Shield in Montana and Texas.
Perpetrators and Threats
In February 2025, the SafePay group claimed responsibility for the breach, stating they exfiltrated 8.5 terabytes of data. They threatened to publish or sell the information unless their demands were met.
"The group asserted it had exfiltrated 8.5 terabytes of data and threatened to publish or sell it unless Conduent complied with their demands."
Clients Affected
- Various state agencies
- Healthcare organizations including Blue Cross Blue Shield in Montana and Texas
Summary: Conduent's breach exposed personal data of millions, leading to significant financial, legal, and reputational consequences while highlighting ongoing cybersecurity threats.