Conduent, a leading U.S. government contractor managing critical public services (e.g., Medicaid, child support, food assistance, and toll systems), suffered a **cyberattack** lasting nearly **three months** (October 2024–January 2025). Hackers, later identified as the **SafePay ransomware group**, exfiltrated **8.5 terabytes of data**, compromising **personal information of over 10 million individuals** across multiple states, including **Social Security numbers, medical records, and health insurance details**. The breach disrupted operations, causing **system outages** in states like Wisconsin, where beneficiaries couldn’t process payments for welfare programs. While Conduent claims no evidence of data misuse or dark web publication yet, the scale of the theft—affecting **400,000+ in Texas alone**—poses long-term risks of **identity theft, fraud, and exploitation of public benefit systems**. The company restored operations after containing the breach but faces scrutiny over its cybersecurity preparedness, given its role in handling **$85 billion in annual disbursements** and supporting **100 million residents** through government programs.
Source: https://www.foxnews.com/tech/10-million-americans-hit-government-contractor-data-breach
Conduent cybersecurity rating report: https://www.rankiteo.com/company/conduent
"id": "CON2192421111425",
"linkid": "conduent",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '10+ million individuals',
'industry': 'Public Sector Services (Technology & '
'Payment Systems)',
'location': 'United States',
'name': 'Conduent',
'size': 'Large (supports ~100 million residents; '
'processes $85B in annual disbursements)',
'type': 'Government Contractor'},
{'customers_affected': '400,000+ individuals',
'industry': 'Public Health & Welfare',
'location': 'Texas, USA',
'name': 'Texas State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'Washington, USA',
'name': 'Washington State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'South Carolina, USA',
'name': 'South Carolina State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'New Hampshire, USA',
'name': 'New Hampshire State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'Maine, USA',
'name': 'Maine State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'Oregon, USA',
'name': 'Oregon State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'Massachusetts, USA',
'name': 'Massachusetts State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'California, USA',
'name': 'California State Government',
'type': 'State Agency'},
{'industry': 'Public Health & Welfare',
'location': 'Wisconsin, USA',
'name': 'Wisconsin State Government',
'type': 'State Agency'}],
'attack_vector': 'Third-party compromise (initial access)',
'customer_advisories': ['Monitor accounts for fraudulent activity',
'Enable two-factor authentication (2FA)',
'Use password managers and antivirus software',
'Consider identity theft protection services',
'Check for exposed data via personal removal '
'services'],
'data_breach': {'data_exfiltration': 'Confirmed (8.5 terabytes stolen)',
'number_of_records_exposed': '10+ million',
'personally_identifiable_information': ['Social Security '
'numbers',
'Medical records',
'Health insurance '
'details',
'State program '
'beneficiary data'],
'sensitivity_of_data': 'High (SSNs, medical records, health '
'insurance details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Data']},
'date_detected': 'January 2025',
'date_publicly_disclosed': 'April 2025 (via SEC Form 8-K filing)',
'description': "Hackers infiltrated Conduent's systems for nearly three "
'months (October 21, 2024 – January 2025), exposing personal '
'information linked to over 10 million people across U.S. '
'state-level programs such as Medicaid, child support, food '
'assistance, and toll systems. The SafePay ransomware group '
'claimed responsibility, alleging the theft of 8.5 terabytes '
'of data, including Social Security numbers, medical records, '
'and health insurance details. Conduent confirmed the '
'exfiltration but stated no evidence of data being published '
'online or misused. The breach caused operational disruptions, '
'including downtime for critical public services in multiple '
'states.',
'impact': {'brand_reputation_impact': 'High (handling sensitive government '
'data for 100 million residents)',
'customer_complaints': 'Expected (dedicated call center '
'established for inquiries)',
'data_compromised': ['Social Security numbers',
'Medical records',
'Health insurance details',
'Personal information linked to state '
'programs (Medicaid, child support, food '
'assistance, toll systems)'],
'downtime': 'Several days (disrupted services in multiple states, '
'e.g., Wisconsin child support/welfare payments)',
'identity_theft_risk': 'High (SSNs and medical records exposed)',
'legal_liabilities': 'Potential (notifications sent to affected '
'individuals; SEC filing made)',
'operational_impact': 'Critical public service disruptions (e.g., '
'inability to process payments for child '
'support, welfare programs)',
'payment_information_risk': 'Moderate (financial data linked to '
'state disbursement programs)',
'systems_affected': ['Payment processing systems',
'Customer service interactions',
'State government program databases']},
'initial_access_broker': {'data_sold_on_dark_web': 'No evidence (as of latest '
'update)',
'entry_point': 'Third-party compromise',
'high_value_targets': ['State Medicaid programs',
'Child support systems',
'Food assistance databases',
'Toll payment systems'],
'reconnaissance_period': 'Potentially from October '
'21, 2024 (intrusion '
'start) to January 2025 '
'(detection)'},
'investigation_status': 'Ongoing (no evidence of data misuse or dark web '
'publication as of latest update)',
'lessons_learned': 'Need for stricter cybersecurity oversight in government '
'contractor systems; long-term risks of data exfiltration '
'(identity theft, fraud in public benefit systems); '
'importance of rapid incident response and transparency.',
'motivation': ['Financial Gain', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Network security hardening',
'Enhanced forensic analysis '
'capabilities',
'Improved incident response '
'coordination with state '
'partners'],
'root_causes': ['Third-party vulnerability '
'exploitation',
'Insufficient detection of '
'prolonged network infiltration']},
'ransomware': {'data_exfiltration': 'Yes (8.5 TB)',
'ransom_paid': 'No',
'ransomware_strain': 'SafePay'},
'recommendations': ['Enhance third-party risk management',
'Implement continuous monitoring for anomalous activity',
'Strengthen data encryption and access controls',
'Expand employee training on phishing/social engineering',
'Develop faster breach notification protocols'],
'references': [{'date_accessed': '2025',
'source': 'Fox News – CyberGuy Report',
'url': 'https://www.foxnews.com/tech/conduent-data-breach-scale-impact'},
{'date_accessed': '2025',
'source': 'Conduent SEC Form 8-K Filing (April 2025)'}],
'regulatory_compliance': {'regulatory_notifications': ['SEC Form 8-K filing',
'State-level '
'notifications to '
'affected '
'individuals']},
'response': {'communication_strategy': ['SEC filing (Form 8-K)',
'Notification letters to affected '
'individuals',
'Public statements'],
'containment_measures': ['Network isolation',
'System restoration'],
'incident_response_plan_activated': 'Yes (secured networks, '
'restored systems, notified '
'law enforcement)',
'law_enforcement_notified': 'Yes',
'recovery_measures': ['Operational restoration',
'Dedicated call center for affected '
'individuals'],
'remediation_measures': ['Detailed analysis of exfiltrated files',
'Identification of exposed personal '
'information'],
'third_party_assistance': 'Yes (cybersecurity experts, forensics '
'team for data analysis)'},
'stakeholder_advisories': 'Notifications sent to affected individuals; '
'dedicated call center established',
'threat_actor': 'SafePay ransomware group',
'title': 'Conduent Data Breach (2024-2025)',
'type': ['Data Breach', 'Ransomware Attack']}