Conduent Confirms Data Breach Exposing Over 10 Million People

Conduent Confirms Major Data Breach Exposing Over 10 Million People

Business process outsourcing (BPO) firm Conduent has acknowledged a significant data breach that potentially compromised the personal information of more than 10 million individuals.

Timeline of the Breach

Forensic investigations revealed the intrusion started in October 2024 but was only detected in January 2025. Detection followed reports of system disruptions from multiple state agencies, including the Wisconsin Child Support Trust Fund. Cybercriminals maintained access to Conduent’s network for nearly three months.

Data Compromised

Names
Social Security numbers
Birth dates
Medical records
Health insurance details

Company Response and Risks

While Conduent initially found no misuse of the stolen information, it recognized ongoing risks of identity theft and financial fraud. The company has already spent around $25 million responding directly to the breach and faces possible legal challenges and damage to its reputation.

Cybersecurity experts believe a ransomware gang was responsible for the attack.

Ransomware Claim

In February 2025, the SafePay group claimed responsibility, stating it had exfiltrated 8.5 terabytes of data. The group threatened to publish or sell the stolen data unless Conduent complied with its demands.

Impact on Clients

The breach affected several government and healthcare clients, including:

Blue Cross Blue Shield in Montana and Texas
Multiple state agencies

This incident highlights the vulnerabilities of critical data managed by outsourcing firms and the continuing threat from sophisticated cybercriminal groups.

Conduent's data breach exposed sensitive information of over 10 million people, emphasizing the urgent need for enhanced cybersecurity in service providers handling critical personal data.

Nearshore Americas — 2025-11-05