- A converged breach exposed the data of more than 10 million people, including sensitive health and identity information.
- The attack lasted almost three months; SafePay ransomware group claimed responsibility
- Systems have been restored and secured; law enforcement and affected states have been informed
Conduent has confirmed that it lost sensitive customer data in a cyberattack in January 2025, which could affect up to 10 million people.
The company, which helps organizations automate and manage their operations at scale, filed data breach notifications with attorneys general’s offices in several US states, detailing the incident.
“On January 13, 2025, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network,” the statement said. “Our investigation determined that an unauthorized third party gained access to our environment from October 21, 2024 to January 13, 2025 and obtained certain files.”
SafePay claims responsibility for attack
Examine the data,The file claims malicious actors stole data on more than 10 million people.
Conduent is a major government contractor, reportedly working with more than 600 government entities worldwide, including those at the state, local and federal levels.
It also serves the majority of Fortune 100 companies and operates large-scale transportation and tolling systems. In fact, it claims to support “6 of the 10 largest U.S. toll systems” through toll transaction processing infrastructure.
The information stolen varies from state to state and person to person. The file says that in Texas, more than 400,000 people were affected, whose Social Security numbers (SSN), medical information and health insurance data were all exposed.
People were also exposed in Washington (76,000), South Carolina (48,000) and New Hampshire (10,000).
“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement,” the company said. “This compromise was quickly contained and our technology environment is currently considered free of known malicious activity, as confirmed by our third-party security experts.”
A ransomware operation known as SafePay took responsibility for this attack, claiming to have stolen 8.5TB of data. SafePay isn’t as popular as LockBit or RansomHub, but it has hit a few prominent names, including Ingram Micro.
Via The file
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
