Conduent Confirms Large Data Breach Affecting Over 10 Million People
BPO firm Conduent has confirmed a massive data breach potentially exposing the personal data of more than 10 million individuals. The intrusion began in October 2024 but was only discovered in January 2025 after system disruptions were reported by several state agencies, including the Wisconsin Child Support Trust Fund.
Details of the Breach and Investigation
Cybercriminals maintained unauthorized access to Conduent's network for nearly three months. The stolen information included:
- Names
- Social Security numbers
- Birth dates
- Medical records
- Health insurance details
Although Conduent initially found no evidence of data misuse, it warned of an ongoing risk of identity theft and financial fraud.
Financial Impact and Legal Risks
The company has incurred around US $25 million in direct response expenses and continues to face potential legal and reputational consequences.
Perpetrators and Ransomware Claims
Cybersecurity experts attribute the attack to a ransomware gang. In February 2025, the SafePay group claimed responsibility, stating:
"We have exfiltrated 8.5 terabytes of data and will publish or sell it unless Conduent complies with our demands."
Affected Clients
The breach impacted various government and healthcare clients, including Blue Cross Blue Shield in Montana and Texas, as well as multiple state agencies.
Author's Summary
This significant breach exposed sensitive data of millions and underscores ongoing cybersecurity challenges for BPO firms handling government and healthcare information.