Conduent, a major government contractor, reported this week that a cybersecurity breach earlier this year compromised the personal information of over 10 million individuals across multiple states. The attack, which allowed hackers to access the company’s network from October 21 until January 13, led to the theft of sensitive files linked to Conduent’s operations in various U.S. states.
According to breach notification documents filed by Conduent, the incident was discovered earlier in January, prompting the company to restore its systems safely and notify law enforcement. Conduent holds numerous contracts with state governments, providing essential technology services for Medicaid, child support, food assistance programs, and toll collection. The firm manages approximately $85 billion in government payments annually and handles 2.3 billion customer interactions each year.
A company spokesperson confirmed that formal breach notification letters are being sent to all affected individuals, and a dedicated call center has been established to answer any questions regarding the incident. The breach has impacted more than 400,000 individuals in Texas, with exposed data including Social Security numbers, medical information, and health insurance details. Additional affected states include Washington, South Carolina, New Hampshire, and Maine.
The breach was initially reported when Wisconsin’s Department of Children and Families alerted residents about system disruptions affecting their payment processing capabilities. Many individuals reported difficulties in making essential payments due to outages that affected both electronic transfers and EBT services.
In a previous statement to Recorded Future News, Conduent acknowledged a third-party compromise led to operational disruptions, clarifying that the incident was contained swiftly. Furthermore, the company reported that the necessary recovery efforts caused several days of operational impact.
Financially, Conduent revealed a revenue of $754 million for the last fiscal quarter, with $2 million allocated to investigating and responding to the January cyber event. In February, the cybercriminal group known as SafePay claimed responsibility for the attack and reported stealing 8.5 TB of data.
The company assured stakeholders that to its knowledge, the exfiltrated information has not been released on the dark web or made publicly available. They are collaborating with cybersecurity experts to understand the nature and scope of the data breach, while also noting that their cyber insurance policy will help cover part of the costs incurred in responding to the incident, with federal law enforcement involved in the investigation.
Despite the challenges presented by the cyber incident, Conduent remains committed to safeguarding personal information and enhancing its cybersecurity measures to prevent similar occurrences in the future.