- Conduent has filed a new 8-k form with the dry
- He noted a violation of January 2025 and said that certain customer data had been taken
- Until now, no group has assumed the responsibility of the attack
Conduent Incorporated, an American company service for commercial processes, has confirmed the suffering of a cyber attack and a data violation in a new file with the Securities and Exchange Commission (SEC) of the United States.
In a new 8-K form, Conduent said that in the middle of January 2025, he experienced an “operational disturbance” caused by unauthorized access to a threat actor. The attackers would have reached a “limited part” of the company’s environment and will remain there for days (in some cases, for hours, said Conduent)
Previous reports have indicated that the attack occurred after a “compromise of a third party system on an operating system”.
Supply chain attack
Although the attack did not have a material impact on the operations of the company, it led to the theft of sensitive data.
Conduent offers a range of services, including processing, automation and analysis, in various sectors such as health care, transport and government.
Some of its greatest customers include American secret services, the Columbia Medicaid and others district. He serves hundreds of government and transport organizations.
In the attack, threat stakeholders have stolen data generated by Conduent customers: “As part of its current investigation, the company determined that the threat player has exfiltrated a set of files associated with a limited number of company customers,” said the file.
“Due to the complexity of the files, the company has initiated experts from the exploration of cybersecurity data to assess exfiltrated data and has recently been informed of its nature, scope and validity, confirming that data sets contained a significant number of personal information from individuals associated with the end users of our customers.”
At the time of the press, no group has assumed the responsibility of the attack, and the data has not yet disclosed on the Dark Web.
According to Bleeping CompomputeThis is not Conduent’s first incident, as the company also underwent a data violation in 2020, when the Labyrinth Ransomware group managed to encrypt the company’s devices and steal business data.
Via Bleeping Compompute
