Narayan AmmachchiBusiness process outsourcing (BPO) firm Conduent has confirmed a large-scale data breach that may have exposed the personal information of more than 10 million people.
Forensic investigations revealed that the intrusion began in October 2024. However, it was only detected in January 2025, after several state agencies — including the Wisconsin Child Support Trust Fund — reported system disruptions.
Cybercriminals had maintained access to Conduent’s network for nearly three months.
The stolen data included names, Social Security numbers, birth dates, medical records, and health-insurance details.
While Conduent initially found no evidence of misuse, it acknowledged a persistent risk of identity theft and financial fraud.
The company has spent about US $25 million in direct response costs and continues to face potential legal and reputational fallout.
Cybersecurity experts believe a ransomware gang was behind the attack. In February 2025, the SafePay group claimed responsibility, asserting it had exfiltrated 8.5 terabytes of data and threatened to publish or sell it unless Conduent met its demands.
The breach affected several government and healthcare clients, including Blue Cross Blue Shield in Montana and Texas, as well as multiple state agencies.
Add comment