Conduent A.I CyberSecurity Scoring
Conduent
Company Information
Website:https://www.conduent.com
Employees number:37,668
Number of followers:536,543
NAICS:5416
Industry Type:Business Consulting and Services
Homepage:conduent.com
Conduent Risk Score (AI oriented)
Between 0 and 549
ConduentBusiness Consulting and Services
Updated:
19/06/2026
19/06/2026
100/1000
Critical
C
Conduent Global Score (TPRM)
xxxx
ConduentBusiness Consulting and Services
Score locked

ConduentCritical
Current Score
100C (CRITICAL)
01000
20 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
100
JUNE 2026
100
MAY 2026
100
APRIL 2026
100
Cyber Attack
20 Apr 2026 • Conduent
Conduent: Investigation into BCBS data breach moves forward
BCBSMT Data Breach Affecting 462,000 Members
100
CRITICAL0
CON1776790111
Montana Judge Greenlights Investigation into BCBSMT Data Breach Affecting 462,000 Members
A Montana state district judge in Helena has ruled in favor of the Montana State Auditor’s Office, allowing its investigation into a data breach at Blue Cross Blue Shield of Montana (BCBSMT) to proceed. Judge Chris Abbott dismissed a lawsuit filed by BCBSMT’s parent company, Health Care Service Corporation (HCSC), which had challenged the auditor’s authority to probe the incident.
The breach, disclosed in October, exposed the personal data of up to 462,000 BCBSMT members roughly one-third of Montana’s population after a cyber incident at Conduent, a third-party vendor. The auditor’s office, led by State Auditor James Brown, launched an investigation to determine whether BCBSMT complied with state laws requiring timely breach notifications.
HCSC argued that BCBSMT was exempt from Montana’s reporting requirements under federal law, citing a pre-October 1 effective date for House Bill 60 a 2023 law that closed the exemption loophole. The company contended its July 1 discovery of the breach and September 23 assessment fell outside the new law’s scope, calling its notification to the auditor’s office a "courtesy." However, Judge Abbott ruled that the company must first complete the administrative process before challenging the investigation in court.
The auditor’s office held a public hearing in January, with a hearing examiner now expected to resume work on findings, including potential violations and penalties. Brown emphasized the state’s commitment to enforcing privacy protections, stating the ruling allows the investigation to move forward without further delay. A final decision on compliance and any enforcement actions will rest with the auditor’s office.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
100
Breach
04 Mar 2026 • Conduent
Conduent Business Services: On Your Side: Conduent Data Breach: What to do if you got a letter
Conduent Data Breach Exposes Millions of Americans’ Personal Information
100
CRITICAL0
CON1772670434
Conduent Data Breach Exposes Millions of Americans’ Personal Information
Millions of Americans have received breach notification letters from Conduent Business Services, a printing and mailing provider, after hackers accessed its systems between October 21, 2024, and January 13, 2025. The stolen data including names, addresses, and Social Security numbers originated from Conduent’s clients, primarily current or former healthcare providers, though specific organizations were not disclosed.
Conduent stated it has found no evidence of misuse but is actively monitoring the situation. The breach highlights a growing trend: the Identity Theft Resource Center reported a record 3,322 data breaches in the U.S. in 2025, a 79% increase over the past five years.
Matt Powell, Executive Director of the Missouri Cybersecurity Center of Excellence, noted that victims often feel powerless, as breaches frequently occur through third-party vendors rather than direct user error. While the immediate threat may not be apparent, Powell warned that stolen data could remain dormant for months or years before being exploited.
Affected individuals were offered free credit monitoring for one year, with enrollment required by April 30, 2025. Powell recommended these services, particularly those with insurance coverage, which can provide financial protection in cases of fraud. He also suggested credit freezes as an additional safeguard.
Conduent attributed the year-long delay in notifications to the complexity of analyzing compromised files, a process that required extensive review before disclosures could be made. The incident underscores the persistent risks of supply chain vulnerabilities in cybersecurity.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
100
Cyber Attack
09 Feb 2026 • Conduent
Apple: Beware of Apple Pay Phishing Attack that Aims to Steal Your Payment Details
Sophisticated Vishing Campaign Targets Apple Pay Users in Phishing Scam
100
CRITICAL0
APP1770616335
Sophisticated Vishing Campaign Targets Apple Pay Users in Phishing Scam
A highly convincing phishing campaign is actively targeting Apple Pay users, employing deceptive emails and phone-based social engineering to steal financial and login credentials. The attack, analyzed by Malwarebytes, begins with a fraudulent email mimicking an official Apple receipt, complete with the company’s logo, a fabricated case ID, and a timestamp. The message warns of a blocked high-value purchase such as a 2025 MacBook Air and urges the recipient to call a provided support number if the alleged "appointment" to review the fraud is inconvenient.
Unlike traditional phishing schemes that rely on malicious links, this campaign uses vishing (voice phishing) to manipulate victims over the phone. When contacted, scammers posing as Apple’s fraud department follow a scripted conversation, initially verifying harmless details like partial phone numbers before escalating to requests for Apple ID two-factor authentication (2FA) codes. In real time, attackers use these codes to hijack accounts, gaining access to stored data, photos, and linked payment methods.
The scam’s effectiveness lies in its psychological tactics leveraging urgency, brand trust, and fabricated transaction details to bypass skepticism. Researchers emphasize that Apple never schedules fraud reviews via email or demands callbacks, and official communications always originate from verified Apple domains. Victims who fall for the scheme risk full account compromise, with attackers potentially draining linked credit cards or locking users out of their devices.
The campaign underscores the growing sophistication of social engineering attacks, where human manipulation not technical exploits remains the primary vector for financial theft.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
100
Ransomware
05 Feb 2026 • Conduent
Conduent, Delaware and Texas: Massive Data Breach at Conduent Exposes Millions Across US States
Massive Conduent Data Breach Exposes Tens of Millions Across U.S. States
100
CRITICAL0
CONTEXDEL1770338879
Massive Conduent Data Breach Exposes Tens of Millions Across U.S. States
A cyberattack on government technology contractor Conduent has resulted in a far larger data breach than initially reported, potentially affecting tens of millions of Americans. The incident, first disclosed in April 2024, occurred after hackers disrupted the company’s systems, causing widespread outages in government services.
Newly released data reveals that 15.4 million people in Texas nearly half the state’s population had their personal information compromised, a sharp increase from the 4 million initially reported in October. In Oregon, 10.5 million individuals were affected, while hundreds of thousands more in Delaware, Massachusetts, New Hampshire, and other states also had their data exposed. The stolen information includes names, Social Security numbers, medical records, and health insurance details.
Conduent, a major provider of government and corporate technology services, processes sensitive data for over 100 million people through healthcare programs and other public-sector contracts. Despite the scale of the breach, the company has not confirmed the total number of affected individuals or whether the incident impacted more than 100 million people. A spokesperson declined to answer key questions, including how many breach notifications have been sent.
The Safeway ransomware group claimed responsibility for the attack, asserting it exfiltrated over 8 terabytes of data. In an SEC filing, Conduent acknowledged that the stolen datasets contained personal information of end users but did not provide a clear timeline for completing notifications, stating only that the process would continue into early 2026. The full extent of the breach and its long-term impact remain unclear.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
100
Ransomware
21 Jan 2026 • Conduent
Conduent and Volvo Group North America: Nearly 17,000 Volvo staff dinged in supplier breach
Volvo Employees Hit by Massive Third-Party Data Breach at Conduent
100
CRITICAL0
CONVOL1770724357
Volvo Employees Hit by Massive Third-Party Data Breach at Conduent
Nearly 17,000 Volvo Group North America employees had their personal data exposed after cybercriminals breached Conduent, a major outsourcing provider handling workforce benefits and back-office services. The incident, disclosed in a filing with the Maine Attorney General, affected 16,991 individuals across the U.S., including three in Maine.
Attackers gained access to Conduent’s systems between October 21, 2024, and January 13, 2025, exfiltrating files tied to employees’ current or former health plans. Conduent detected the intrusion in January 2025, secured its systems, and launched a forensic investigation. However, Volvo only confirmed its workforce was impacted on January 21, 2026 a year after the breach was initially discovered illustrating the prolonged fallout of vendor-related incidents.
The exposed data included names, with additional details varying by individual, though Conduent has not specified what other information was compromised. While there is no evidence the stolen data has been misused, affected employees were offered identity monitoring services.
The breach extends far beyond Volvo. Regulators continue to revise victim totals as Conduent and its clients analyze the full scope, with recent filings suggesting tens of millions of Americans may be affected. Conduent’s role in managing systems for Medicaid, unemployment programs, child support services, and employer benefits amplifies the breach’s reach.
The attack has been attributed to the SafePay ransomware group, which claims to have stolen multiple terabytes of data, though Conduent has not confirmed the attribution. The incident underscores the risks of prolonged unauthorized access, with attackers lingering in systems handling sensitive personal data for nearly three months.
This is not Volvo’s first third-party breach. In 2024, the automaker warned employees of exposed personal data after ransomware attackers targeted Miljödata, a Swedish HR software supplier, compromising names and Social Security numbers. That attack was claimed by the DataCarry ransomware group.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
100
Ransomware
15 Jan 2026 • Conduent
Conduent, DaVita, Sanrio, Oracle and Asahi Group: Global ransomware attacks rose 32% in 2025, as manufacturers emerged as top target
Global Ransomware Attacks Surge 32% in 2025, With Manufacturing and U.S. Organizations Hit Hardest
100
CRITICAL0
CONDAVORASANASA1770645741
Global Ransomware Attacks Surge 32% in 2025, With Manufacturing and U.S. Organizations Hit Hardest
In 2025, global ransomware attacks reached 7,419 incidents, marking a 32% increase from the 5,631 recorded in 2024, according to a report by Comparitech. Of these, 1,173 attacks were confirmed by targeted organizations, while the remaining were claimed by ransomware groups via data leak sites. Collectively, the confirmed attacks breached 59.2 million records, though this figure is expected to rise as delayed reports emerge.
### Key Trends and Sector Impacts
- Manufacturing saw the sharpest rise in attacks, surging 56% to 1,466 incidents, with average ransom demands more than doubling from $523,000 in 2024 to $1.2 million in 2025.
- Legal firms experienced a 54% increase in attacks, alongside a 60% jump in ransom demands, averaging $610,000.
- Healthcare and education saw stable attack volumes, with only 2% increases in incidents, suggesting a potential shift in attacker focus or improved defenses in these sectors.
### Geographic Breakdown
The U.S. remained the most targeted country, accounting for 3,810 attacks (51% of the global total), a 33% increase from 2024. Other heavily affected nations included:
- Canada: 392 attacks (31% increase)
- Germany: 303 attacks (62% increase)
- U.K.: 251 attacks (5% decrease)
- France: 178 attacks (39% increase)
- South Korea: 64 attacks (540% increase), driven largely by attacks on asset management firms following Qilin’s breach of a third-party provider.
### Ransomware Groups and Data Theft
- Qilin was the most active group, responsible for 1,034 attacks (14% of the total), including 172 confirmed incidents. The group claimed to have stolen 31.2 petabytes of data, primarily from a single U.S. manufacturer.
- Akira ranked second with 765 attacks, while SafePay was linked to the largest number of breached records (16.15 million), nearly all from its attack on Conduent.
- DragonForce exposed 6.5 million records, mostly from its attack on the U.K.’s Co-operative Group, which resulted in £206 million ($276 million) in lost revenue.
### Notable Breaches in 2025
- Conduent (U.S.): 15.9 million records exposed in a SafePay attack, with 8.5 terabytes of data allegedly stolen.
- Episource (U.S.): 5.4 million records compromised in an unidentified ransomware attack.
- University of Phoenix (U.S.): 3.49 million records breached via a Clop attack exploiting an Oracle zero-day vulnerability.
- DaVita (U.S.): 2.69 million records exposed in an Interlock attack, with 1.5 terabytes of data stolen.
- Sanrio (Japan): 2 million records affected.
- Asahi Group (Japan): 1.9 million records compromised.
### Sector-Specific Trends
- Businesses bore the brunt of attacks (6,292 incidents, 35% increase), with 43 million records exposed in confirmed cases. Average ransom demands held steady at $1.09 million.
- Government entities faced 374 attacks (27% increase), with 2.19 million records compromised. Ransom demands fell 15% to $1.55 million.
- Healthcare saw 444 attacks (2% increase), with 10.1 million records exposed. Ransom demands plummeted 84% to $615,000.
- Education recorded 252 attacks (2% increase), with 3.9 million records breached. Ransom demands dropped 34% to $457,200.
The data underscores a strategic shift in ransomware targeting, with attackers prioritizing high-value commercial and public-sector entities while maintaining pressure on traditionally vulnerable sectors. Despite the surge in attacks, average ransom demands declined overall, dropping 26% to $1.04 million. However, select industries particularly manufacturing and legal services saw significant increases in both attack frequency and ransom demands.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
100
NOVEMBER 2025
100
Breach
07 Nov 2025 • Conduent
Conduent Business Services LLC
Conduent Monthslong Data Breach and Class Action Lawsuits
100
CRITICAL0
CON0962609110725
Conduent Business Services LLC faced a prolonged data breach exposing sensitive personal and health information of individuals, leading to multiple class-action lawsuits in New Jersey federal court. The breach allegedly stemmed from inadequate security measures, allowing unauthorized access to confidential data over an extended period. The compromised information likely included personally identifiable information (PII) and protected health information (PHI), heightening risks of identity theft, financial fraud, and reputational harm for affected individuals. The lawsuits accuse Conduent of negligence in safeguarding data, failing to detect or mitigate the breach promptly, and not providing timely notifications to victims. The incident underscores systemic vulnerabilities in the company’s cybersecurity framework, with potential long-term consequences for customer trust, regulatory compliance, and financial stability. The breach’s duration and the nature of the exposed data suggest a high-severity impact, particularly given the involvement of health records, which are highly regulated and sensitive.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
100
SEPTEMBER 2025
100
AUGUST 2025
100
JUNE 2025
100
Breach
16 Jun 2025 • Conduent
Conduent
Conduent Health Data Breach and F5 Nation-State Hack
100
CRITICAL0
CON5792357110725
Conduent, a New Jersey-based business process outsourcing firm, suffered the largest known health data breach of 2025, exposing sensitive healthcare records. The incident triggered multiple post-hack lawsuits and regulatory investigations, with severe reputational and financial repercussions. The breach compromised personal and medical data of countless individuals, leading to potential identity theft, fraud, and legal liabilities. The fallout includes operational disruptions, loss of client trust, and escalating compliance penalties. Given the scale of the breach—affecting healthcare data—it poses long-term risks to affected patients, including exposure of protected health information (PHI) and potential misuse by malicious actors. The company faces mounting legal costs, reputational damage, and possible contractual terminations from partners wary of further vulnerabilities. The breach underscores systemic failures in cybersecurity governance, amplifying scrutiny from regulators and stakeholders.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2025
100
Ransomware
01 May 2025 • Conduent
Conduent Incorporated
Conduent Data Breach
100
CRITICAL0
CON2293322103125
The Conduent data breach, attributed to the SafePay ransomware group, compromised the sensitive personal and financial data of over 10.5 million individuals across multiple U.S. states. The incident exposed vulnerabilities in Conduent’s cybersecurity framework, leading to severe reputational damage, investor distrust, and a 36% stock decline over the past year. The breach’s financial and operational fallout includes potential legal penalties from regulatory bodies (e.g., FTC), class-action lawsuits from affected individuals, and long-term erosion of client confidence. The exposed data—likely including identities and financial records—heightens risks of identity theft, fraud, and financial exploitation. Market volatility, evidenced by a daily stock drop of 0.216%, reflects immediate financial repercussions, while upcoming earnings reports (November 7, 2025) may further clarify the breach’s economic toll. The incident underscores systemic failures in data protection, demanding urgent reforms to mitigate future threats and restore stakeholder trust.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2025
100
Breach
01 Feb 2025 • Conduent
Montana Blue Cross-Blue Shield (Montana BCBS)
Montana Blue Cross-Blue Shield Vendor Data Breach
100
CRITICAL0
HCS1202712111125
Montana Blue Cross-Blue Shield (Montana BCBS), the largest insurance carrier in Montana, experienced a severe data breach through one of its vendors. The breach lasted several months and was discovered in February but only reported to the Montana Commissioner of Securities and Insurance in October. It exposed the financial information and medical records of over 460,000 Montanans, including sensitive health and personal data. The breach posed significant risks of identity theft, financial fraud, and unauthorized access to private health records. In response, the Commissioner’s office deployed an AI-powered tool to assist affected residents in safeguarding their data, freezing credit, and monitoring for identity theft. A class-action lawsuit has also been filed by impacted residents. The breach involved a third-party vendor, highlighting vulnerabilities in supply chain security and the potential for large-scale exposure of highly sensitive personal and health data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
100
Breach
13 Jan 2025 • Conduent
Conduent and Montana Blue Cross-Blue Shield: Montana BCBS claims insurance commissioner targeting it because of data breach
Montana’s Largest Data Breach Sparks Legal Battle Between BCBS and State Regulators
100
CRITICAL0
CONHCS1769138618
Montana’s Largest Data Breach Sparks Legal Battle Between BCBS and State Regulators
Montana Blue Cross-Blue Shield (BCBS), the state’s largest health insurer, is locked in a dispute with the Montana Commissioner of Securities and Insurance (CSI) over its handling of a massive data breach the largest in state history. The breach, traced to third-party vendor Conduent, exposed the personal data of 462,356 individuals, including names, addresses, and Social Security numbers, affecting roughly one in three Montana residents.
The conflict centers on the timeline of BCBS’s response. Conduent detected the breach on January 13, 2025, and notified BCBS four days later. However, BCBS claims it only discovered its own data was compromised in July, nearly six months later. The insurer did not alert the CSI until October 8 and began notifying customers on October 24, with some notifications still ongoing as recently as last week.
State officials argue the delay violated Montana’s data breach notification laws, which require insurers to report incidents within a "reasonable" timeframe though the law does not define the term. Deputy Insurance Commissioner Erin Snyder testified that a months-long gap was unreasonable, while BCBS attorneys countered that the company fulfilled its obligations by eventually informing regulators and customers.
During a contested hearing, BCBS accused the CSI of unfairly targeting it, noting that other companies affected by the same Conduent breach faced no disciplinary action. Snyder acknowledged the office was investigating the broader incident but had not pursued hearings against the other four entities, citing a far smaller impact (~200 people).
The CSI has since implemented an AI-powered triage tool costing $10,000 to manage the surge in breach-related inquiries. However, regulators say they still lack a final report from BCBS detailing the full scope and cause of the breach, leaving critical questions unanswered. As the legal battle continues, the fallout highlights gaps in breach response protocols and regulatory oversight.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Cyber Attack
13 Jan 2025 • Conduent
Conduent
Conduent Cyber Incident - January 2025
100
LOW0
CON956091725
On February 19, 2025, Conduent disclosed a cyber incident that took place on January 13, 2025. The company promptly engaged Kroll, a leading cybersecurity firm, to conduct a forensic investigation into the potential data impacts of the breach. Preliminary findings confirmed that no client data was compromised during the attack, and there was no evidence of unauthorized access to sensitive information. Conduent successfully restored and secured all affected systems, with no further malicious activity detected post-incident. While the nature of the attack was not explicitly detailed, the lack of data exfiltration or operational disruption suggests the incident was contained before significant harm could occur. The company’s swift response and transparency in reporting the event helped mitigate reputational risks, though the incident itself highlights ongoing vulnerabilities in enterprise cybersecurity defenses. No ransom demands, system outages, or financial losses were reported, reinforcing the limited scope of the breach.
IMPACT
REFERENCES
JANUARY 2025
100
Ransomware
01 Jan 2025 • Conduent
Conduent: Data breach at govtech giant Conduent balloons, affecting millions more Americans
Massive Conduent Data Breach Exposes Personal Data of Over 25 Million Americans
100
CRITICAL0
CON1770309774
Massive Conduent Data Breach Exposes Personal Data of Over 25 Million Americans
A January 2025 ransomware attack on government technology contractor Conduent has compromised the personal data of at least 25.9 million individuals across the U.S., far exceeding initial estimates. The breach, which disrupted the company’s operations for days, has now been confirmed to impact 15.4 million people in Texas nearly half the state’s population up from the 4 million initially reported in October. An additional 10.5 million Oregonians are affected, along with hundreds of thousands in Delaware, Massachusetts, New Hampshire, and other states.
The stolen data includes names, Social Security numbers, medical records, and health insurance information, exposing victims to potential identity theft and fraud. Conduent, a major government contractor serving over 100 million Americans through healthcare and administrative programs, has provided limited details about the incident. The company disclosed the attack in April 2025, months after hackers infiltrated its systems, causing outages in government services nationwide.
The Safeway ransomware gang claimed responsibility, alleging they exfiltrated 8 terabytes of data. In an SEC filing, Conduent acknowledged the breach involved "a significant number of individuals’ personal information" tied to its corporate and government clients. While the company is still analyzing the scope of the breach, it expects to complete notifications to affected individuals by early 2026, though no precise timeline has been provided.
Conduent has not confirmed whether the breach affects more than 100 million people, despite its vast user base. The company has yet to disclose how many breach notifications it has sent or provide further details on the attack’s origins. The incident underscores the growing risk of ransomware targeting critical infrastructure and third-party vendors handling sensitive data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2024
535
Breach
21 Oct 2024 • Conduent
Conduent Business Solutions
UK Probes Whether Chinese-Made Electric Buses Can Be Remotely DisabledNorth Korean Hackers Remotely Wipe Android Devices in South KoreaConduent Updates Cost of January 2025 Cyberattack to $50 MillionHyundai Discloses Data Breach Affecting 2.7 Million IndividualsMicrosoft November Patch Tuesday Addresses 63 Vulnerabilities, Including Zero-DayOWASP Updates Top 10 Web Application Vulnerabilities with Two New Categories
100
CRITICAL-435
CON3703037111425
Back-office services provider Conduent disclosed a cyberattack in January 2025 that exposed data of 10.5 million individuals, primarily from healthcare insurance clients like Blue Cross Blue Shield of Montana (462,000 members affected). The breach, active from October 21, 2024, to January 13, 2025, involved unauthorized access to a 'limited portion' of its IT environment, with attackers exfiltrating files tied to multiple clients. Financial fallout includes $50 million spent ($25M on incident response, $25M on breach notifications), alongside 12 class-action lawsuits, regulatory investigations (e.g., Montana), and warnings of potential litigation, reputational harm, and regulatory penalties. The company admitted the attack could adversely impact its financial condition, with ongoing risks from data theft, legal actions, and operational disruptions. No ransomware was confirmed, but the scale of exposed personal and health data suggests severe long-term consequences for affected individuals and partner organizations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Ransomware
21 Oct 2024 • Conduent
Conduent: Conduent Data Breach Could Affect 25M People. Learn How to Protect Your Online Accounts
Conduent Data Breach Exposes Up to 25 Million in Massive U.S. Cyberattack
100
CRITICAL-435
CON1772152083
Conduent Data Breach Exposes Up to 25 Million in Massive U.S. Cyberattack
A medical data breach initially affecting 10.5 million individuals has escalated into one of the largest cybersecurity incidents of 2025, potentially compromising the personal data of up to 25 million people across the U.S., including 15 million in Texas alone. The breach targeted Conduent, a business services provider, with unauthorized access occurring between October 21, 2024, and January 13, 2025, when the intrusion was discovered.
The ransomware group SafePlay claimed responsibility, exposing highly sensitive information, including full legal names, addresses, Social Security numbers, health insurance details, and medical records data that could be exploited for identity theft. The incident underscores a broader trend: cybercriminals are increasingly leveraging stolen credentials to infiltrate accounts undetected, with credential theft surging 160% year-over-year in 2025, according to Check Point researchers.
While Conduent has not confirmed the full scope of the breach, the fallout highlights the persistent risks of credential reuse and delayed attack detection. Even if stolen data isn’t immediately exploited, exposed email addresses or passwords can serve as entry points for future attacks, with threat actors often probing additional services weeks or months later. The breach serves as a stark reminder of the vulnerabilities in third-party service providers and the cascading impact of large-scale data exposures.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
578
Cyber Attack
16 Jun 2024 • Conduent
Conduent
Cyberattack on Georgia’s SNAP Benefits Call Center Operated by Conduent
515
CRITICAL-63
CON1965119090625
Hackers targeted Georgia’s SNAP benefits call center, operated by Conduent, via a cyberattack on its interactive voice response (IVR) system using bots. The attack disrupted services, forcing system downtime over the weekend and again on Tuesday, while attempting to improperly access EBT account information (including benefit balances). Though unconfirmed, the breach aligns with broader international crime ring activities cloning POS terminals to steal hundreds of millions in taxpayer-funded SNAP benefits—with a 350% fraud surge in Q4 2024. Authorities urged cardholders to change PINs and lock accounts via Conduent’s ConnectEBT app, highlighting systemic vulnerabilities in third-party benefit distribution systems. The incident compounds ongoing EBT scams where funds vanish within minutes across multiple states, often through unauthorized retailers. Conduent acknowledged 'unusual call spikes' but avoided confirming a breach, citing generic fraud prevention measures like 'intelligent voice detection.'
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2024
699
Breach
01 Jan 2024 • Conduent
Conduent Business Services, Alpine ENT and HP: Conduent Breach Becomes One of 2024’s Largest, Affecting 15.5 Million
Conduent Data Breach
560
CRITICAL-139
HPECONCAL1770382364
Conduent Breach Ranks Among 2024’s Largest, Exposing 15.5 Million Individuals
Conduent Business Services, a U.S.-based IT and business services provider, confirmed a 2024 data security incident that compromised the sensitive personal information of approximately 15.5 million people, making it one of the year’s most significant breaches. The company disclosed the incident without specifying the exact timeline or attack vector, though the scale underscores the growing threat of large-scale data exposures in enterprise environments.
The breach adds to a rising trend of high-profile cyber incidents in 2024, including ransomware attacks, supply chain compromises, and state-backed espionage campaigns. While Conduent has not released further details on the nature of the exposed data, such incidents typically involve personally identifiable information (PII), financial records, or healthcare-related data, heightening risks of identity theft and fraud for affected individuals.
The disclosure follows other major breaches this year, including Iron Mountain’s ransomware attack by the Everest group and allegations of a 90GB data theft from HP’s Poly Network. The incident also coincides with increased scrutiny of cybersecurity practices in critical sectors, from healthcare (e.g., Alpine ENT’s breach affecting 65,000) to government-linked software vulnerabilities, such as the exploitation of ArcGIS by state-backed hackers.
As organizations grapple with evolving threats, the Conduent breach serves as a reminder of the persistent challenges in safeguarding large-scale data repositories against sophisticated adversaries.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Ransomware
01 Jan 2024 • Conduent
Capcom, Coinbase, Hertz, Conduent, Insight Partners, Pinellas County, Arapahoe County and Lincoln Parish: U.S. Government & Enterprise
Ransomware Data Breaches Surge: A Systemic Crisis Targeting U.S. Governments and Enterprises (2024–2026)
560
CRITICAL-139
PINCOICONARACAPLINTHETHE1781023070
Ransomware Data Breaches Surge: A Systemic Crisis Targeting U.S. Governments and Enterprises (2024–2026)
Ransomware attacks have evolved into a dual threat: not only do they encrypt critical systems, but they also exfiltrate sensitive data, turning operational disruptions into full-scale data breaches. This "double-extortion" model where attackers demand payment to both unlock systems and suppress stolen data has become the dominant tactic among ransomware groups, forcing victims into a no-win scenario. The consequences are particularly severe for U.S. government entities, which now account for a disproportionate share of confirmed incidents globally, according to the Cybersecurity and Infrastructure Security Agency (CISA).
### The Anatomy of a Ransomware Data Breach
Modern ransomware attacks follow a predictable pattern:
1. Initial Access: Attackers gain entry via phishing, exposed Remote Desktop Protocol (RDP) ports, or unpatched VPN vulnerabilities tactics that account for over 70% of intrusions.
2. Dwell Time: Threat actors lurk inside networks for days or weeks, conducting reconnaissance, escalating privileges, and systematically copying high-value data.
3. Exfiltration: Before encrypting files, attackers steal sensitive information personal data, financial records, or intellectual property to use as leverage.
4. Encryption & Extortion: The final stage: systems are locked, and victims face demands for payment to restore access and prevent public leaks.
The encryption itself is often a distraction; the real damage lies in the stolen data. Even organizations that restore from backups remain legally obligated to notify affected individuals if exfiltration is suspected a requirement that regulators enforce aggressively, regardless of whether the ransom is paid.
### Government Entities Under Siege
Local governments, counties, and municipal agencies have become prime targets due to a perfect storm of vulnerabilities:
- Legacy Infrastructure: Aging systems, unpatched software, and flat network architectures create easy entry points.
- Underfunded IT Security: Many agencies allocate less than 5% of their IT budgets to cybersecurity, lacking dedicated security teams or 24/7 monitoring.
- Public Records Obligations: Unlike private companies, governments cannot conceal breaches. Outages, audit findings, and breach notifications become public record, making concealment nearly impossible.
Ransomware groups like LockBit, BlackCat/ALPHV, Cl0p, Qilin, and Rhysida have explicitly targeted government networks, exploiting predictable architectures and stretched IT staff. For affiliates operating under the ransomware-as-a-service (RaaS) model, these environments offer longer dwell times, slower detection, and higher pressure to pay making them reliable, low-resistance targets.
### A Nationwide Crisis: Documented Incidents by State
The scale of the problem is staggering. Between 2024 and 2026, ransomware breaches have been confirmed in every U.S. state, with particularly severe concentrations in:
- California: Over 50 cities and counties, including Fresno, Pasadena, Riverside, and Irvine.
- Florida: Bradenton, Orlando, Boca Raton, and 20+ other municipalities, with Pinellas and Sarasota Counties among the hardest hit.
- Colorado: Arapahoe County, Jefferson County, and 15+ others, including rural mountain communities.
- Georgia: Cherokee County, Sandy Springs, and Decatur, with incidents spanning urban and rural areas.
- Massachusetts & Connecticut: Over 20 towns, including Brockton, Lynn, and Brookline, reflecting the vulnerability of small municipal governments.
- Idaho, Kentucky, Louisiana: Multiple counties, with incidents in Jefferson County (ID) triggering a FEMA disaster declaration one of the first cases where ransomware qualified for federal emergency relief.
In Louisiana, breaches in Lincoln Parish and De Soto Parish led to indictments and fiscal emergency declarations, illustrating how ransomware can cascade into broader governance failures. Meanwhile, Virginia’s independent cities like Herndon and Poquoson faced breaches tied to state auditor reviews, highlighting the legal and political fallout of underreporting.
### The Private Sector: High-Stakes Breaches with Cascading Impact
While government entities dominate headlines, enterprise ransomware breaches often carry even greater financial and operational risks:
- Conduent: A breach at the business process services firm exposed sensitive data for millions of benefit recipients, demonstrating how third-party vendors amplify breach risks.
- Coinbase: Attackers stole customer data (including government IDs) and demanded $20 million in extortion mirroring ransomware tactics without deploying encryption.
- Insight Partners: A breach at the venture capital firm risked exposing confidential data across its entire portfolio of tech companies.
- Hertz: Fell victim to Cl0p’s mass exploitation of Cleo file transfer software, exposing driver’s license numbers and payment data.
- Capcom: The 2020 Ragnar Locker attack resulted in 1TB of stolen data, including unreleased game materials and employee records.
These incidents underscore a critical trend: supply chain vulnerabilities whether through vendors, software exploits, or insider threats are now a primary attack vector. A single breach can ripple across dozens of dependent organizations, as seen in the UKG Kronos attack, which exposed Puma employee data despite Puma having no direct relationship with the compromised platform.
### Legal and Compliance Fallout
Ransomware breaches trigger a complex web of obligations:
- State Laws: All 50 states require notification when personal data is accessed, with timelines ranging from 30 to 90 days. California and New York impose additional requirements, including AG notifications for breaches affecting over 500 residents.
- Federal Frameworks: HIPAA presumes ransomware incidents are reportable breaches unless organizations prove low risk of data compromise. CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) mandates 72-hour reporting for critical infrastructure entities, with ransom payments due within 24 hours.
- Regulatory Enforcement: Failure to report can lead to audits, fines, and criminal referrals. In Louisiana, state auditors flagged multiple parishes for mishandling breaches, while Iowa’s Algona and Michigan’s Oceana County saw indictments tied to incident response failures.
### Why Paying the Ransom Doesn’t Work
Despite the pressure to pay, ransom payments offer no guarantees:
- No Data Deletion: Attackers frequently publish stolen data even after payment, either due to internal disputes or because the data was already sold.
- No Legal Protection: Payment does not absolve organizations of breach notification obligations. Regulators treat exfiltration as a reportable event regardless of ransom outcomes.
- Funding Future Attacks: The FBI and CISA warn that ransom payments fuel further criminal activity, with some groups re-targeting victims who paid in the past.
### The Path Forward: Detection and Resilience
The only reliable defense against ransomware breaches is proactive monitoring and resilient backups:
- Dark Web Monitoring: Detects stolen data on leak sites, criminal forums, and credential marketplaces often before victims are aware of a breach.
- Offline, Immutable Backups: The 3-2-1-1-0 rule (three copies, two media types, one offsite, one offline, zero unverified backups) is the gold standard for recovery.
- Incident Response Planning: Containment, evidence preservation, and notification must be practiced before an attack. Forensic investigations should prioritize log retention (30–90 days pre-incident) to reconstruct attacker activity.
### Conclusion
The ransomware crisis is no longer confined to isolated incidents it is a systemic, nationwide threat reshaping cybersecurity priorities for governments and enterprises alike. With exfiltration now the default tactic, every ransomware attack is a potential data breach, carrying legal, financial, and reputational consequences that extend far beyond the initial encryption. As attackers refine their methods and target the most vulnerable sectors, the question is not if an organization will be hit, but when and whether it will be prepared to respond.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2020
739
Ransomware
01 Jun 2020 • Conduent
Conduent
Conduent Ransomware Attack
623
CRITICAL-116
CON2405322
The operations of Conduent in Europe were disrupted by a ransomware attack and data related to customer audits was breached in the incident.
The data stolen in the attack was apparently posted by the Maze ransomware group on its Dark web page.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2017
750
Cyber Attack
16 Jun 2017 • Conduent
Conduent Business Solutions
Conduent Data Breach (October 2024)
714
CRITICAL-36
CON4502645110525
Conduent, a publicly traded company spun off from Xerox in 2017, suffered a cyberattack in October 2024 that compromised personal and health data of 10.5 million individuals, including names, Social Security numbers, medical records, and health insurance details. The breach, attributed to the SafePay ransomware gang, involved 8.5 TB of stolen data, with the group threatening to leak it. Affected entities include major insurers (Blue Cross Blue Shield of Montana, Texas, Humana, Premera) and state agencies (Wisconsin DCF, Oklahoma DHS—though the latter denied impact). Conduent delayed disclosure for nearly 10 months, sparking nine federal class-action lawsuits alleging negligence in data security. The incident disrupted services, triggered regulatory probes (e.g., Montana’s investigation into delayed notifications), and forced Conduent to offer credit monitoring to victims. The breach ranks among the largest health data breaches of 2025, with potential systemic risks to insurers and government services.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Conduent ??
What was Conduent's A.I Rankiteo Cyber Score in June 2026 ??
What was Conduent's A.I Rankiteo Cyber Score in May 2026 ??
What was Conduent's A.I Rankiteo Cyber Score in April 2026 ??
What was Conduent's A.I Rankiteo Cyber Score in March 2026 ??
What was Conduent's A.I Rankiteo Cyber Score in February 2026 ??
What was Conduent's A.I Rankiteo Cyber Score in January 2026 ??
What was Conduent's A.I Rankiteo Cyber Score in December 2025 ??
What was Conduent's A.I Rankiteo Cyber Score in November 2025 ??
What was Conduent's A.I Rankiteo Cyber Score in October 2025 ??
What was Conduent's A.I Rankiteo Cyber Score in September 2025 ??
What was Conduent's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Conduent's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Conduent ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Conduent's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?