- Conduent breach exposed data of more than 10 million people, including sensitive health and identity information
- The attack lasted almost three months; SafePay ransomware group claimed responsibility
- The systems were restored and secured; The authorities and affected states were notified.
Conduent has confirmed the loss of sensitive customer data in a January 2025 cyberattack, possibly affecting up to 10 million people.
The company, which helps organizations automate and manage large-scale operations, has filed data breach notices with the attorney general’s offices of several US states, detailing the incident.
“On January 13, 2025, we discovered that we were the victim of a cyber incident that affected a limited portion of our network,” the announcement reads. “Our investigation determined that an unauthorized third party accessed our environment from October 21, 2024 to January 13, 2025 and obtained some files.”
SafePay claims responsibility for the attack
Examining the data,The record claims that threat actors stole data from more than 10 million people.
Conduent is a major government contractor that reportedly works with more than 600 government entities around the world, including those at the state, local, and federal levels.
It also serves most Fortune 100 companies and manages large-scale tolling and transportation systems. In fact, it claims to support “6 of the 10 largest toll systems in the US.” through a toll transaction processing infrastructure.
Stolen information varies from state to state and person to person. The record says that in Texas, more than 400,000 people were affected, whose Social Security numbers (SSN), medical information and health insurance data were exposed.
People in Washington (76,000), South Carolina (48,000) and New Hampshire (10,000) were also exposed.
“Upon discovering the incident, we safely restored our systems and operations and notified authorities,” the company said. “This compromise was quickly contained and our technological environment is currently considered free of known malicious activity, as confirmed by our third-party security experts.”
A ransomware operation known as SafePay took responsibility for this attack and claimed it stole 8.5TB of data. SafePay isn’t as popular as LockBit or RansomHub, but it did find some notable names, including Ingram Micro.
Through The record
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
