Conduent Confirms Major Data Breach Affecting Over 10 Million People
BPO firm Conduent has confirmed a significant data breach that might have exposed the personal details of more than 10 million individuals. The breach was discovered in January 2025 but forensic analysis revealed that attackers gained access as early as October 2024.
Details of the Breach
Cybercriminals maintained access to Conduent’s network for close to three months. The stolen information included:
- Names
- Social Security numbers
- Birth dates
- Medical records
- Health insurance information
The breach was first noticed after various state agencies, such as the Wisconsin Child Support Trust Fund, experienced system disruptions.
Impact and Response
Although there was initially no proof of data misuse, Conduent warned about the ongoing risk of identity theft and financial fraud. The company has incurred approximately $25 million in direct expenses related to the incident and continues to face potential legal challenges and damage to its reputation.
Perpetrators and Threats
Cybersecurity analysts suspect a ransomware group was responsible. In February 2025, the SafePay gang claimed responsibility, stating it extracted 8.5 terabytes of data and threatened to publish or sell it unless Conduent fulfilled its demands.
"SafePay group claimed it had exfiltrated 8.5 terabytes of data and warned of publishing or selling it if demands were unmet."
Affected Clients
- Government agencies
- Healthcare clients including Blue Cross Blue Shield in Montana and Texas
- Multiple state agencies
Conduent continues to investigate and address the fallout from this extensive breach.
Author’s summary: Conduent’s data breach exposed millions of personal records, prompting costly response efforts and ongoing risks of identity theft and fraud amid threats from a ransomware gang.