US government contractor Conduent says hackers were able to steal some client files
The January 2025 breach resulted in a data breach, Conduent confirms to the US government.
- Conduent has filed a new 8-K form with the SEC
- It noted a January 2025 breach and said some customer data was taken
- So far, no groups assumed responsibility for the attack
Conduent Incorporated, an American business process services company, has confirmed suffering a cyberattack and a data breach in a new filing with the US Securities and Exchange Commission (SEC).
In a new 8-K form, Conduent said that in mid-January 2025, it experienced an “operational disruption” caused by unauthorized access from a threat actor. The attackers allegedly accessed a “limited portion” of the company’s environment, and remained there for days (in some cases, for hours, Conduent said)
Earlier reports said the attack happened after a “third-party system compromise on an operating system”.
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)View Deal
Supply chain attack
While the attack did not have a material impact on the company’s operations, it did result in the theft of sensitive data.
Conduent offers a range of services, including transaction processing, automation, and analytics, across various sectors such as healthcare, transportation, and government.
Some of its biggest clients include the US Secret Service, District of Columbia Medicaid, and others. It serves hundreds of government and transportation organizations.
In the attack, the threat actors stole data generated by Conduent’s clients: “As part of its ongoing investigation, the company determined that the threat actor exfiltrated a set of files associated with a limited number of the company’s clients,” the filing reads.
“Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals’ personal information associated with our clients' end-users.”
At press time, no groups assumed responsibility for the attack, and the data has not yet leaked on the dark web.
According to BleepingComputer, this is not Conduent’s first incident, as the company also suffered a data breach in 2020, when the Maze ransomware group managed to encrypt the company’s devices and steal corporate data.
Via BleepingComputer
You might also like
- Software supply chains are coming under attack more than ever
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
![How to Find Low-Competition Keywords with Semrush [Super Easy]](https://static.semrush.com/blog/uploads/media/73/62/7362f16fb9e460b6d58ccc09b4a048b6/how-to-find-low-competition-keywords-sm.png)
