Conduent Confirms Data Breach Exposing Over 10 Million People
Business process outsourcing (BPO) firm Conduent has confirmed a major data breach that potentially exposed the personal information of more than 10 million individuals.
Incident Overview
Forensic investigations revealed the intrusion started in October 2024 but was only discovered in January 2025 after reports of system disruptions from several state agencies, including the Wisconsin Child Support Trust Fund. Cybercriminals had access to Conduent’s network for nearly three months.
Compromised Data
The stolen information included:
- Names
- Social Security numbers
- Birth dates
- Medical records
- Health insurance details
Response and Impact
Although initial investigations found no evidence of misuse, Conduent warned of ongoing risks related to identity theft and financial fraud. The company has incurred approximately US $25 million in direct response expenses and faces potential legal and reputational consequences.
Attack Attribution
Cybersecurity experts suspect a ransomware group was responsible. In February 2025, the SafePay group claimed the attack, stating they extracted 8.5 terabytes of data and threatened to expose or sell it unless Conduent complied with their demands.
Affected Clients
The breach impacted several government and healthcare clients, including Blue Cross Blue Shield operations in Montana and Texas, along with various state agencies.
"Cybercriminals had maintained access to Conduent’s network for nearly three months."
"SafePay group claimed responsibility, asserting it had exfiltrated 8.5 terabytes of data and threatened to publish or sell it unless Conduent met its demands."
Summary: Conduent’s data breach exposed sensitive information of over 10 million people, resulting in extensive financial costs and ongoing risks of identity theft and fraud.