Conduent Confirms Data Breach Exposing Over 10 Million People
Business process outsourcing company Conduent has verified a major data breach that compromised personal information belonging to over 10 million individuals. The intrusion reportedly started in October 2024 and remained undetected until January 2025, when disruptions were noticed by several state agencies, including the Wisconsin Child Support Trust Fund.
Investigations revealed that cybercriminals had access to Conduent’s systems for nearly three months. The stolen data included names, Social Security numbers, birth dates, medical information, and health insurance details.
“Although Conduent initially found no evidence of misuse, it admitted there remains a high risk of identity theft and financial fraud.”
The company has already spent approximately US $25 million addressing the breach and continues to face legal and reputational consequences.
Suspected Ransomware Involvement
Cybersecurity analysts suspect the attack was executed by a ransomware group. In February 2025, the SafePay collective claimed responsibility, stating it had exfiltrated 8.5 terabytes of data and would release or sell it unless Conduent complied with its demands.
Impacted Clients and Agencies
- Blue Cross Blue Shield in Montana and Texas
- Several U.S. state agencies
The breach highlights the growing vulnerability of outsourcing firms managing sensitive government and healthcare data.
Author’s Summary
Conduent’s 2024–2025 data breach compromised personal data of over 10 million people, triggering financial, legal, and reputational fallout linked to ransomware activity.