Conduent Confirms Data Breach Affecting Over 10 Million People
Conduent, a major business process outsourcing company, has confirmed a massive cyberattack that compromised personal details of more than ten million individuals. The breach began in October 2024 but was only discovered in January 2025 after multiple state agencies identified unusual system disruptions.
Timeline and Discovery
Investigators revealed that cybercriminals maintained unauthorized access to Conduent’s systems for nearly three months. The breach came to light when agencies, including the Wisconsin Child Support Trust Fund, noticed irregular activity and reported it to the company.
Compromised Information
The stolen data included full names, Social Security numbers, dates of birth, medical records, and health insurance information. Conduent stated that although it found no verified evidence of misuse, the possibility of identity theft and financial fraud remains a concern.
Financial and Legal Impact
The company has already spent around 25 million U.S. dollars managing the incident, covering response operations, security reinforcement, and public notifications. It continues to face legal risks and potential damage to its reputation.
Attacker Identification
In February 2025, the SafePay group claimed responsibility for the intrusion, asserting that it exfiltrated 8.5 terabytes of information and threatened to release or sell the data unless its conditions were fulfilled.
Affected Clients
- Blue Cross Blue Shield of Montana
- Blue Cross Blue Shield of Texas
- Several state and healthcare agencies
Author’s Summary
The Conduent breach exposed sensitive personal and medical data of millions, underscoring the ongoing vulnerability of major outsourcing and healthcare systems to sophisticated ransomware attacks.