Conduent breach impacted about 17,000 Volvo North America employees

Volvo Group North America said the personal information of close to 17,000 employees was exposed after hackers broke into the network of back office services company Conduent and accessed confidential client data.

 

The U.S. automaker said in a filing with the office of the Attorney General of Maine that a cyber security incident at IT services company Conduent compromised the names and other personal identifiers of approximately 16,991 employees.

 

The announcement takes place a year after Conduent revealed that a major IT security incident compromised the data of more than 15 million individuals. The incident involved cyber criminals accessing the company’s network between October 21, 2024, and January 13, 2025, and exfiltrating vast amounts of data associated with Conduent’s client companies.

 

The SafePay ransomware group claimed responsibility for the cyber attack on Conduent and listed the company as a victim on its data leak site. The group claimed to be in possession of 8.5 terabytes of confidential data stolen from the company and threatened to leak the data if a ransom wasn’t paid.

 

The stolen information reportedly included names, social security numbers, dates of birth, treatment details, claim numbers, and health insurance information. 

 

Conduent said the threat actors accessed information related to clients’ current and former health plans, but given the complexity of the data involved, the company worked with internal and external experts to carry out a detailed review of the affected files to identify the personal information contained therein.

 

The cyber attack on Conduent, which provides mailroom, document processing, printing, and other administrative services for HIPAA-covered entities and public agencies, impacted major healthcare insurers like Premera Blue Cross, Blue Cross Blue Shield of Montana, Blue Cross and Blue Shield of Texas, and Humana.  

 

Blue Cross and Blue Shield of Montana, which provides a range of health insurance plans to hundreds of thousands of members in the state of Montana, said in October that the data security incident at Conduent impacted about 462,000 of its members, prompting the state’s insurance commissioner to launch an investigation into the incident.

 

“Our office is committed to protecting Montanans and ensuring a fair, transparent, and very serious process when sensitive personal and health data may have been placed at risk. Our office will consider all the evidence and then issue a final order in due course,” said Montana CSI communications director Tyler Newcombe.