Conduent Confirms Major Data Breach
BPO firm Conduent has officially confirmed a large-scale data breach affecting personal data of over 10 million individuals. The company revealed that a cyber intrusion began in October 2024 but was not discovered until January 2025, after several state agencies, including the Wisconsin Child Support Trust Fund, reported system disruptions.
Investigations showed that hackers had continuous access to Conduent’s network for nearly three months. The compromised data included full names, Social Security numbers, birth dates, medical records, and health insurance information. Although no direct evidence of data misuse was found initially, Conduent admitted an ongoing risk of identity theft and financial fraud.
The company has already spent approximately US $25 million on immediate response efforts and faces potential legal challenges and reputational harm linked to the incident. Cybersecurity analysts suggest that a ransomware gang orchestrated the breach.
Ransomware Group Claims Responsibility
In February 2025, a criminal group known as SafePay publicly claimed responsibility for the attack.
SafePay stated that it had extracted 8.5 terabytes of data and threatened to release or sell it unless Conduent complied with its demands.
The breach also impacted several government and healthcare partners, including Blue Cross Blue Shield offices in Montana and Texas, along with various state agencies connected to Conduent’s services.
Author Summary
Conduent’s massive 2024–2025 data breach compromised sensitive records of over 10 million people, drawing attention to persistent cybersecurity risks and organizational vulnerabilities.