Conduent Confirms Massive Data Breach Exposing Personal Data of Over 15 Million

Headquartered in Florham Park, New Jersey, Conduent, which provides IT and business services to government agencies and corporations, disclosed that a cyber security incident earlier this year compromised data for more than 15 million individuals.

The incident, which occurred around January 13, 2025, involved unauthorised access by a threat actor who infiltrated Conduent’s internal network and exfiltrated confidential personal data related to a limited number of clients’ end users. 

Although the company confirmed that the stolen data was not publicly released or posted on the dark web, the incident disrupted critical services in multiple U.S. states, including Wisconsin and Oklahoma, affecting benefits and support payments. 

The breach impacted several clients of Conduent, including Premera Blue Cross and Blue Cross Blue Shield of Montana. Both organisations confirmed that the breach originated from Conduent’s systems and exposed sensitive personal information of their members, such as names, Social Security numbers, dates of birth, treatment details, and claim numbers.

Conduent Inc. has notified several state attorneys general about a large-scale data breach affecting residents across multiple states. In a filing with Oregon regulators, the company disclosed that the personal information of more than 10.5 million individuals was compromised. Additional filings revealed that the breach impacted over 4 million people in Texas, 76,000 in Washington, and hundreds in Maine, underscoring the widespread scope and severity of the incident.

The SafePay ransomware group claimed responsibility for the cyber attack on Conduent and listed the company as a victim on its data leak site. The group said it is in possession of 8.5 terabytes of confidential data stolen from the company and threatened to leak it unless its ransom demands were met.