Conduent, a publicly traded company spun off from Xerox in 2017, suffered a **cyberattack in October 2024** that compromised **personal and health data of 10.5 million individuals**, including names, Social Security numbers, medical records, and health insurance details. The breach, attributed to the **SafePay ransomware gang**, involved **8.5 TB of stolen data**, with the group threatening to leak it. Affected entities include major insurers (**Blue Cross Blue Shield of Montana, Texas, Humana, Premera**) and state agencies (**Wisconsin DCF, Oklahoma DHS—though the latter denied impact**). Conduent delayed disclosure for **nearly 10 months**, sparking **nine federal class-action lawsuits** alleging negligence in data security. The incident disrupted services, triggered regulatory probes (e.g., **Montana’s investigation into delayed notifications**), and forced Conduent to offer **credit monitoring to victims**. The breach ranks among the **largest health data breaches of 2025**, with potential systemic risks to insurers and government services.
Source: https://www.bankinfosecurity.com/lawsuits-investigations-piling-up-in-conduent-hack-a-29929
TPRM report: https://www.rankiteo.com/company/conduent
"id": "con4502645110525",
"linkid": "conduent",
"type": "Cyber Attack",
"date": "6/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '10.52 million individuals',
'industry': ['Business Process Outsourcing',
'Healthcare Administration',
'Government Services'],
'location': 'New Jersey, USA',
'name': 'Conduent Business Solutions',
'size': '$3.4B revenue (2024), operates in 22 '
'countries',
'type': 'Publicly Traded Company'},
{'customers_affected': '462,000 members',
'industry': 'Healthcare',
'location': 'Montana, USA',
'name': 'Blue Cross Blue Shield of Montana',
'type': 'Health Insurer'},
{'industry': 'Healthcare',
'location': 'Texas, USA',
'name': 'Blue Cross Blue Shield of Texas',
'type': 'Health Insurer'},
{'industry': 'Healthcare',
'location': 'Kentucky, USA',
'name': 'Humana',
'type': 'Health Insurer'},
{'industry': 'Healthcare',
'location': 'Washington, USA',
'name': 'Premera Blue Cross',
'type': 'Health Insurer'},
{'industry': 'Public Sector',
'location': 'Wisconsin, USA',
'name': 'Wisconsin Department of Children and Families',
'type': 'State Government Agency'},
{'customers_affected': '0 (no impact confirmed)',
'industry': 'Public Sector',
'location': 'Oklahoma, USA',
'name': 'Oklahoma Department of Human Services',
'type': 'State Government Agency'}],
'attack_vector': ['Network Intrusion',
'Exploitation of Vulnerabilities (unspecified)'],
'customer_advisories': ['Conduent: Notified affected individuals directly '
'(timing unclear)',
'Premera: Offered 2 years of credit '
'monitoring/identity protection'],
'data_breach': {'data_exfiltration': 'Yes (8.5 TB allegedly stolen by '
'SafePay)',
'number_of_records_exposed': '10.52 million',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Medical Information',
'Health Insurance '
'Details'],
'sensitivity_of_data': 'High (SSNs, medical/health insurance '
'data)',
'type_of_data_compromised': ['PII (Personally Identifiable '
'Information)',
'PHI (Protected Health '
'Information)']},
'date_detected': '2024-10-21',
'date_publicly_disclosed': '2025-04',
'description': 'Publicly traded Conduent, a business services provider spun '
'off from Xerox in 2017, experienced a data breach in October '
'2024 that compromised personal and health information of over '
'10.5 million individuals. The breach, attributed to the '
'SafePay ransomware gang, led to multiple class-action '
'lawsuits, regulatory investigations, and notifications to '
'affected entities, including insurers (e.g., Blue Cross Blue '
'Shield, Humana, Premera) and state agencies (e.g., Wisconsin '
'DCF). The incident involved unauthorized access between '
'October 21, 2024, and January 13, 2025, with 8.5 TB of data '
'allegedly exfiltrated. Conduent reported the breach to '
'regulators in April 2025, facing criticism for delayed '
'disclosure.',
'impact': {'brand_reputation_impact': ['Negative publicity due to delayed '
'disclosure (10 months)',
'Loss of trust from clients and '
'affected individuals'],
'customer_complaints': ['Multiple class-action lawsuits filed (9+ '
'as of 2025-10-27)',
'Investigations by law firms and state '
'regulators (e.g., Montana)'],
'data_compromised': ['Names',
'Social Security Numbers',
'Medical Information',
'Health Insurance Information'],
'downtime': {'description': 'Operational disruption reported on '
'2025-01-13; duration of unauthorized '
'access unknown.',
'end': '2025-01-13',
'start': '2024-10-21'},
'identity_theft_risk': ['High (SSNs and medical data exposed)',
'Complimentary credit monitoring offered '
'to affected Premera members'],
'legal_liabilities': ['Proposed federal class-action lawsuits '
'(negligence claims)',
'Potential regulatory fines (HIPAA '
'violations under investigation)'],
'operational_impact': ['Disruption of services for state agencies '
'(e.g., Oklahoma DHS)',
'Administrative support outages for '
'insurers'],
'systems_affected': ["Conduent's Network (limited portion)",
'Third-Party Vendor Systems (e.g., '
'administrative services for Premera)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (alleged by SafePay)',
'high_value_targets': ['Health insurance data',
'State agency client data']},
'investigation_status': 'Ongoing (class-action lawsuits, Montana regulator '
'probe, potential HIPAA investigation)',
'motivation': ['Financial Gain', 'Data Theft/Extortion'],
'post_incident_analysis': {'root_causes': ['Failure to implement reasonable '
'data security measures (per '
'lawsuits)',
'Delayed detection/containment '
'(October 2024–January 2025)']},
'ransomware': {'data_exfiltration': 'Yes (8.5 TB)',
'ransomware_strain': 'SafePay'},
'references': [{'source': 'Information Security Media Group (ISMG)'},
{'source': 'Conduent Breach Notice'},
{'date_accessed': '2025-04',
'source': 'U.S. Securities and Exchange Commission (SEC) '
'Filing'},
{'date_accessed': '2025-02',
'source': 'Ransomware.live (Darkweb Monitoring)'}],
'regulatory_compliance': {'legal_actions': ['9+ class-action lawsuits (as of '
'2025-10-27)',
'Montana state regulator '
'investigation'],
'regulations_violated': ['Potential HIPAA '
'violations (under '
'investigation)',
'State data breach '
'notification laws '
'(delayed disclosure)'],
'regulatory_notifications': ['SEC filing (April '
'2025)',
'State regulator '
'reports (e.g., '
'Oklahoma, '
'Wisconsin)']},
'response': {'communication_strategy': ["Breach notice on Conduent's website",
'SEC filing (April 2025)',
'State regulator notifications '
'(delayed)'],
'containment_measures': ['Secured affected systems (per '
"Premera's statement)",
'Dark web monitoring for exfiltrated '
'data'],
'incident_response_plan_activated': 'Yes (as of 2025-01-13)',
'law_enforcement_notified': 'Yes',
'remediation_measures': ['Credit monitoring/identity protection '
'for Premera members (2 years)',
'Direct notifications to affected '
'individuals']},
'stakeholder_advisories': ['Premera Blue Cross: Clarified no breach of their '
'systems; offered credit monitoring',
'Oklahoma DHS: Confirmed no impact to their data'],
'threat_actor': 'SafePay Ransomware Gang',
'title': 'Conduent Data Breach (October 2024)',
'type': ['Data Breach', 'Ransomware Attack', 'Unauthorized Access']}