Conduent Data Breach Exposes Up to 25 Million in Massive U.S. Cyberattack
A medical data breach initially affecting 10.5 million individuals has escalated into one of the largest cybersecurity incidents of 2025, potentially compromising the personal data of up to 25 million people across the U.S., including 15 million in Texas alone. The breach targeted Conduent, a business services provider, with unauthorized access occurring between October 21, 2024, and January 13, 2025, when the intrusion was discovered.
The ransomware group SafePlay claimed responsibility, exposing highly sensitive information, including full legal names, addresses, Social Security numbers, health insurance details, and medical records data that could be exploited for identity theft. The incident underscores a broader trend: cybercriminals are increasingly leveraging stolen credentials to infiltrate accounts undetected, with credential theft surging 160% year-over-year in 2025, according to Check Point researchers.
While Conduent has not confirmed the full scope of the breach, the fallout highlights the persistent risks of credential reuse and delayed attack detection. Even if stolen data isn’t immediately exploited, exposed email addresses or passwords can serve as entry points for future attacks, with threat actors often probing additional services weeks or months later. The breach serves as a stark reminder of the vulnerabilities in third-party service providers and the cascading impact of large-scale data exposures.
Source: https://www.cnet.com/tech/services-and-software/conduent-data-breach-lock-down-your-online-accounts/
Conduent cybersecurity rating report: https://www.rankiteo.com/company/conduent
"id": "CON1772152083",
"linkid": "conduent",
"type": "Ransomware",
"date": "10/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Up to 25 million individuals',
'industry': 'Healthcare, Business Services',
'location': 'U.S.',
'name': 'Conduent',
'type': 'Business services provider'}],
'attack_vector': 'Stolen credentials',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Up to 25 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full legal names',
'Addresses',
'Social Security numbers',
'Health insurance details',
'Medical records']},
'date_detected': '2025-01-13',
'description': 'A medical data breach initially affecting 10.5 million '
'individuals escalated into one of the largest cybersecurity '
'incidents of 2025, potentially compromising the personal data '
'of up to 25 million people across the U.S., including 15 '
'million in Texas alone. The breach targeted Conduent, a '
'business services provider, with unauthorized access '
'occurring between October 21, 2024, and January 13, 2025. The '
'ransomware group SafePlay claimed responsibility, exposing '
'highly sensitive information, including full legal names, '
'addresses, Social Security numbers, health insurance details, '
'and medical records.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Personal data of up to 25 million individuals',
'identity_theft_risk': 'High'},
'initial_access_broker': {'entry_point': 'Stolen credentials'},
'lessons_learned': 'The incident underscores the persistent risks of '
'credential reuse and delayed attack detection. Exposed '
'email addresses or passwords can serve as entry points '
'for future attacks, with threat actors often probing '
'additional services weeks or months later.',
'motivation': 'Financial gain, Data exfiltration',
'post_incident_analysis': {'root_causes': 'Credential theft, delayed '
'detection'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'SafePlay'},
'references': [{'source': 'Check Point Research'}],
'threat_actor': 'SafePlay',
'title': 'Conduent Data Breach Exposes Up to 25 Million in Massive U.S. '
'Cyberattack',
'type': 'Data Breach, Ransomware'}