Conduent Company CyberSecurity Posture

conduent.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Conduent delivers digital business solutions and services spanning the commercial, government and transportation spectrum – creating valuable outcomes for its clients and the millions of people who count on them. We leverage cloud computing, artificial intelligence, machine learning, automation and advanced analytics to deliver mission-critical solutions. Through a dedicated global team of approximately 55,000 associates, process expertise and advanced technologies, our solutions and services digitally transform our clients’ operations to enhance customer experiences, improve performance, increase efficiencies and reduce costs. We drive progress in every process for our client including disbursing approximately $100 billion in government payments annually, enabling 2.3 billion customer service interactions annually, empowering millions of employees through HR services every year and processing nearly 13 million tolling transactions every day. Learn more at www.conduent.com

Conduent A.I CyberSecurity Scoring

Conduent

Company Details

Linkedin ID:

conduent

Website:

https://www.conduent.com

Employees number:

36,834

Number of followers:

523,798

NAICS:

5415

Industry Type:

IT Services and IT Consulting

Homepage:

conduent.com

IP Addresses:

Scan still pending

Company ID:

CON_3224842

Scan Status:

In-progress

AI scoreConduent Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/conduent.jpeg
Conduent IT Services and IT Consulting
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreConduent Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/conduent.jpeg
Conduent IT Services and IT Consulting
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Conduent

Critical
Current Score
166
C (Critical)
01000
9 incidents
-99.5 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
166
NOVEMBER 2025
220
Breach
07 Nov 2025 • Conduent Business Services LLC
Conduent Monthslong Data Breach and Class Action Lawsuits

Conduent Business Services LLC faced a **prolonged data breach** exposing **sensitive personal and health information** of individuals, leading to multiple **class-action lawsuits** in New Jersey federal court. The breach allegedly stemmed from **inadequate security measures**, allowing unauthorized access to confidential data over an extended period. The compromised information likely included **personally identifiable information (PII) and protected health information (PHI)**, heightening risks of identity theft, financial fraud, and reputational harm for affected individuals. The lawsuits accuse Conduent of **negligence in safeguarding data**, failing to detect or mitigate the breach promptly, and not providing timely notifications to victims. The incident underscores systemic vulnerabilities in the company’s cybersecurity framework, with potential long-term consequences for **customer trust, regulatory compliance, and financial stability**. The breach’s duration and the nature of the exposed data suggest a **high-severity impact**, particularly given the involvement of health records, which are highly regulated and sensitive.

154
critical -66
CON0962609110725
Incident Details -
Type
Data Breach Class Action Lawsuits
Impact
Sensitive Personal Information Health Information Customer Complaints: Multiple (Class Action Lawsuits Filed) Brand Reputation Impact: Negative (Litigation and Public Scrutiny) Legal Liabilities: Class Action Lawsuits in New Jersey Federal Court Identity Theft Risk: High (Sensitive Personal Information Exposed)
Data Breach
Personal Information Health Information Sensitivity Of Data: High
Regulatory Compliance
Legal Actions: Class Action Lawsuits
Investigation Status
['Ongoing (Litigation in Progress)']
Post Incident Analysis
Root Causes: Alleged Failure to Adequately Protect Sensitive Data
References
Blog URL Source URL
OCTOBER 2025
218
SEPTEMBER 2025
205
AUGUST 2025
192
JULY 2025
179
JUNE 2025
225
Breach
16 Jun 2025 • Conduent
Conduent Health Data Breach and F5 Nation-State Hack

Conduent, a New Jersey-based business process outsourcing firm, suffered the largest known health data breach of 2025, exposing sensitive healthcare records. The incident triggered multiple post-hack lawsuits and regulatory investigations, with severe reputational and financial repercussions. The breach compromised personal and medical data of countless individuals, leading to potential identity theft, fraud, and legal liabilities. The fallout includes operational disruptions, loss of client trust, and escalating compliance penalties. Given the scale of the breach—affecting healthcare data—it poses long-term risks to affected patients, including exposure of protected health information (PHI) and potential misuse by malicious actors. The company faces mounting legal costs, reputational damage, and possible contractual terminations from partners wary of further vulnerabilities. The breach underscores systemic failures in cybersecurity governance, amplifying scrutiny from regulators and stakeholders.

159
critical -66
CON5792357110725
Incident Details -
Type
Cybercrime Cyberwarfare / Nation-State Attacks Data Breach
Motivation
Espionage (F5 source code theft) Financial gain (Conduent breach) Activism (hacktivist attacks on critical infrastructure)
Impact
Health data (Conduent breach) Source code (F5 breach) Operational Impact: Federal response delayed due to U.S. government shutdown (F5 breach) Brand Reputation Impact: Significant (Conduent facing lawsuits and investigations) Legal Liabilities: Lawsuits filed against Conduent
Response
Law Enforcement Notified: Likely (given nation-state involvement in F5 breach)
Data Breach
Health data (Conduent) Source code (F5) Sensitivity Of Data: High (health data and proprietary source code) Data Exfiltration: Confirmed (F5 source code theft) Personally Identifiable Information: Likely (health data breach)
Regulatory Compliance
Legal Actions: Lawsuits filed against Conduent
Investigation Status
['Ongoing (Conduent lawsuits and F5 breach response delayed by government shutdown)']
Initial Access Broker
F5 source code Conduent health data
References
Blog URL Source URL
MAY 2025
452
Ransomware
01 May 2025 • Conduent Incorporated
Conduent Data Breach

The Conduent data breach, attributed to the **SafePay ransomware group**, compromised the sensitive personal and financial data of **over 10.5 million individuals** across multiple U.S. states. The incident exposed vulnerabilities in Conduent’s cybersecurity framework, leading to severe reputational damage, investor distrust, and a **36% stock decline** over the past year. The breach’s financial and operational fallout includes potential **legal penalties from regulatory bodies (e.g., FTC)**, class-action lawsuits from affected individuals, and long-term erosion of client confidence. The exposed data—likely including identities and financial records—heightens risks of **identity theft, fraud, and financial exploitation**. Market volatility, evidenced by a **daily stock drop of 0.216%**, reflects immediate financial repercussions, while upcoming earnings reports (November 7, 2025) may further clarify the breach’s economic toll. The incident underscores systemic failures in data protection, demanding urgent reforms to mitigate future threats and restore stakeholder trust.

206
critical -246
CON2293322103125
Incident Details -
Type
Data Breach Ransomware Attack
Motivation
Financial Gain Data Theft
Impact
Personal Details Financial Details Brand Reputation Impact: Significant reputational damage, reflected in stock decline and investor caution Legal Liabilities: Potential investigations by FTC and state authorities; possible legal actions from affected individuals Identity Theft Risk: High (due to exposure of personal and financial data) Payment Information Risk: High
Data Breach
Personal Information Financial Information Number Of Records Exposed: 10.5 million Sensitivity Of Data: High Data Exfiltration: Yes Personally Identifiable Information: Yes
Regulatory Compliance
Potential investigations by FTC and state authorities Possible lawsuits from affected individuals
Lessons Learned
The breach underscores the need for robust cybersecurity frameworks, especially for companies handling large volumes of sensitive data. Proactive measures, such as enhanced monitoring, incident response planning, and regulatory compliance, are critical to mitigating risks and maintaining stakeholder trust.
Recommendations
Strengthen cybersecurity measures to prevent future breaches Implement stricter data protection strategies Enhance transparency in communication with stakeholders and affected individuals Prepare for regulatory scrutiny and potential legal actions Monitor market and investor sentiment closely, especially ahead of earnings announcements
Investigation Status
['Ongoing (potential investigations by FTC and state authorities)']
References
Blog URL Source URL
APRIL 2025
452
MARCH 2025
445
FEBRUARY 2025
438
JANUARY 2025
448
Cyber Attack
13 Jan 2025 • Conduent
Conduent Cyber Incident - January 2025

On February 19, 2025, Conduent disclosed a cyber incident that took place on January 13, 2025. The company promptly engaged Kroll, a leading cybersecurity firm, to conduct a forensic investigation into the potential data impacts of the breach. Preliminary findings confirmed that **no client data was compromised** during the attack, and there was no evidence of unauthorized access to sensitive information. Conduent successfully restored and secured all affected systems, with no further malicious activity detected post-incident. While the nature of the attack was not explicitly detailed, the lack of data exfiltration or operational disruption suggests the incident was contained before significant harm could occur. The company’s swift response and transparency in reporting the event helped mitigate reputational risks, though the incident itself highlights ongoing vulnerabilities in enterprise cybersecurity defenses. No ransom demands, system outages, or financial losses were reported, reinforcing the limited scope of the breach.

428
low -20
CON956091725
Incident Details -
Impact
Data Compromised: None (initial analysis indicates client data was not affected)
Response
Third Party Assistance: Kroll (investigation) Remediation Measures: Systems restored and secured
Investigation Status
['Ongoing (Kroll investigating potential data impacts)']
References
Blog URL Source URL
OCTOBER 2024
629
Breach
21 Oct 2024 • Conduent Business Solutions
['UK Probes Whether Chinese-Made Electric Buses Can Be Remotely Disabled', 'North Korean Hackers Remotely Wipe Android Devices in South Korea', 'Conduent Updates Cost of January 2025 Cyberattack to $50 Million', 'Hyundai Discloses Data Breach Affecting 2.7 Million Individuals', 'Microsoft November Patch Tuesday Addresses 63 Vulnerabilities, Including Zero-Day', 'OWASP Updates Top 10 Web Application Vulnerabilities with Two New Categories']

Back-office services provider **Conduent** disclosed a cyberattack in January 2025 that exposed data of **10.5 million individuals**, primarily from healthcare insurance clients like **Blue Cross Blue Shield of Montana (462,000 members affected)**. The breach, active from **October 21, 2024, to January 13, 2025**, involved unauthorized access to a 'limited portion' of its IT environment, with attackers exfiltrating files tied to multiple clients. Financial fallout includes **$50 million spent** ($25M on incident response, $25M on breach notifications), alongside **12 class-action lawsuits**, regulatory investigations (e.g., Montana), and warnings of potential **litigation, reputational harm, and regulatory penalties**. The company admitted the attack could adversely impact its financial condition, with ongoing risks from **data theft, legal actions, and operational disruptions**. No ransomware was confirmed, but the scale of exposed **personal and health data** suggests severe long-term consequences for affected individuals and partner organizations.

430
critical -199
CON3703037111425
Incident Details -
Type
Supply Chain Risk / Remote Access Vulnerability Cyber Espionage / Remote Wipe Attack Data Breach / Unauthorized Access Data Breach / Unauthorized Access Vulnerability Disclosure / Patch Management Vulnerability Framework Update
Attack Vector
Telematics/Battery Management System Exploitation Social Engineering (KakaoTalk spear-phishing) + Google Find Hub Abuse Network Intrusion (initial vector unspecified) Network Intrusion (initial vector unspecified) N/A (Vulnerability patches) N/A (Framework update)
Vulnerability Exploited
Remote-access features in Yutong buses (SIM-enabled systems) Google Find Hub (legitimate feature abused for remote wipe)
Motivation
Potential state-sponsored sabotage (unconfirmed) Espionage (targeting defectors and South Korean entities) Financial gain (data theft) / Unknown Unknown (potentially data theft) N/A N/A
Impact
$50 million (incident response + notifications) Personal data (remote wipe) + KakaoTalk account hijacking Files associated with healthcare clients (10.5M individuals) PII (names, SSNs, driver’s license numbers) of 2.7M individuals 2,500+ Yutong electric buses (UK) Android devices (South Korea, including smartphones/tablets) Conduent IT environment (limited portion) Hyundai AutoEver America systems Windows, Office, Azure, Visual Studio, etc. Oct 21, 2024 – Jan 13, 2025 (access period) Feb 22 – Mar 2, 2025 (access period) Potential remote disablement of buses Disrupted communications (KakaoTalk) + data loss Operational disruption (Jan 13, 2025) Potential (litigation, reputational harm) Class action lawsuits (12+ proposed) Potential distrust in Chinese-manufactured vehicles Erosion of trust in Google/KakaoTalk security Reputational harm (healthcare sector) Reputational risk (automotive sector) Regulatory investigations (e.g., Montana) + lawsuits High (10.5M individuals) High (2.7M individuals)
Response
Yes (UK DfT + NCSC probe) Yes (Conduent) Yes (Hyundai) Yes (Microsoft Patch Tuesday) Genians (cybersecurity firm, attributed attack) Attackers ejected (Jan 13, 2025) Attackers ejected (Mar 2, 2025) Investigation ongoing Breach notifications + legal/regulatory responses Data breach notices Security patches deployed Public probe announcement (The Guardian) Genians public report Regulatory filings + breach notifications Breach disclosure Patch Tuesday bulletin OWASP announcement
Data Breach
Personal data (remote wipe) + account credentials Client files (healthcare data) PII (names, SSNs, driver’s license numbers) 10.5 million 2.7 million High (personal + communication data) High (healthcare PII) High (PII) Yes (files exfiltrated) Unconfirmed Yes (via Google accounts) Yes (healthcare PII) Yes (SSNs, driver’s licenses)
Regulatory Compliance
Potential HIPAA (healthcare data) 12+ class action lawsuits + state investigations (e.g., Montana) Yes (e.g., Montana BCBS disclosure) Breach notices
Lessons Learned
Supply chain risks in IoT/vehicle telematics require stricter oversight. Legitimate device-management features (e.g., Find Hub) can be weaponized; MFA and behavioral monitoring are critical. Prolonged network access (3+ months) underscores need for continuous threat detection and faster incident response. Unconfirmed exfiltration highlights challenges in breach attribution and impact assessment. Zero-day exploitation (CVE-2025-62215) reinforces urgency of patch management for privilege escalation flaws. Supply chain and vulnerability disclosure gaps demand proactive dependency management and transparent reporting.
Recommendations
Mandate third-party audits for IoT/vehicle remote-access capabilities; enforce air-gapped controls for critical functions. Disable or restrict Google Find Hub for high-risk users; implement hardware-based authentication for account recovery. Enhance EDR/XDR to detect lateral movement; conduct tabletop exercises for healthcare data breaches. Deploy endpoint detection for PII access anomalies; offer credit monitoring to affected individuals. Prioritize patching for elevation-of-privilege vulnerabilities; test mitigations for use-after-free flaws in Office. Adopt SBOMs for software supply chains; automate vulnerability disclosure workflows with SLAs.
Investigation Status
Ongoing (UK probe) Attributed to Konni/APT37 (Genians) Ongoing (litigation/regulatory) Disclosed (no further updates) Patches released Framework published
Customer Advisories
KakaoTalk security alerts (via Genians) Conduent breach letters + credit monitoring offers Hyundai identity protection services
Stakeholder Advisories
UK DfT/NCSC warnings to transport operators Genians advisory to South Korean organizations Conduent notifications to healthcare clients Hyundai notices to affected individuals Microsoft guidance for sysadmins OWASP guidance for developers
Initial Access Broker
KakaoTalk spear-phishing July 2024 (phishing campaign start) North Korean defectors’ counselors Healthcare insurance data
Post Incident Analysis
Lack of supply chain cybersecurity standards for vehicle telematics. Over-reliance on single-factor authentication (Google accounts) + abuse of legitimate tools (Find Hub). Inadequate network segmentation allowing 3-month dwell time. Unspecified initial access vector (potential unpatched vulnerability). Race condition in Windows Kernel (CVE-2025-62215). Gaps in dependency tracking and vulnerability disclosure processes. UK may impose cybersecurity requirements for Chinese-manufactured vehicles. Google/KakaoTalk may restrict Find Hub access; South Korea to enhance APT defenses. Conduent investing in EDR and incident response playbooks. Hyundai reviewing PII access controls and logging. Microsoft urges immediate patching for CVE-2025-62215. OWASP recommends SBOM adoption and automated disclosure workflows.
References
Blog URL Source URL
OCTOBER 2024
651
Cyber Attack
01 Oct 2024 • Conduent
Conduent Data Breach (2024-2025)

Conduent, a leading U.S. government contractor managing critical public services (e.g., Medicaid, child support, food assistance, and toll systems), suffered a **cyberattack** lasting nearly **three months** (October 2024–January 2025). Hackers, later identified as the **SafePay ransomware group**, exfiltrated **8.5 terabytes of data**, compromising **personal information of over 10 million individuals** across multiple states, including **Social Security numbers, medical records, and health insurance details**. The breach disrupted operations, causing **system outages** in states like Wisconsin, where beneficiaries couldn’t process payments for welfare programs. While Conduent claims no evidence of data misuse or dark web publication yet, the scale of the theft—affecting **400,000+ in Texas alone**—poses long-term risks of **identity theft, fraud, and exploitation of public benefit systems**. The company restored operations after containing the breach but faces scrutiny over its cybersecurity preparedness, given its role in handling **$85 billion in annual disbursements** and supporting **100 million residents** through government programs.

627
critical -24
CON2192421111425
Incident Details -
Type
Data Breach Ransomware Attack
Attack Vector
Third-party compromise (initial access)
Motivation
Financial Gain Data Theft
Impact
Social Security numbers Medical records Health insurance details Personal information linked to state programs (Medicaid, child support, food assistance, toll systems) Payment processing systems Customer service interactions State government program databases Downtime: Several days (disrupted services in multiple states, e.g., Wisconsin child support/welfare payments) Operational Impact: Critical public service disruptions (e.g., inability to process payments for child support, welfare programs) Customer Complaints: Expected (dedicated call center established for inquiries) Brand Reputation Impact: High (handling sensitive government data for 100 million residents) Legal Liabilities: Potential (notifications sent to affected individuals; SEC filing made) Identity Theft Risk: High (SSNs and medical records exposed) Payment Information Risk: Moderate (financial data linked to state disbursement programs)
Response
Incident Response Plan Activated: Yes (secured networks, restored systems, notified law enforcement) Third Party Assistance: Yes (cybersecurity experts, forensics team for data analysis) Law Enforcement Notified: Yes Network isolation System restoration Detailed analysis of exfiltrated files Identification of exposed personal information Operational restoration Dedicated call center for affected individuals SEC filing (Form 8-K) Notification letters to affected individuals Public statements
Data Breach
Personally Identifiable Information (PII) Protected Health Information (PHI) Financial Data Number Of Records Exposed: 10+ million Sensitivity Of Data: High (SSNs, medical records, health insurance details) Data Exfiltration: Confirmed (8.5 terabytes stolen) Social Security numbers Medical records Health insurance details State program beneficiary data
Regulatory Compliance
SEC Form 8-K filing State-level notifications to affected individuals
Lessons Learned
Need for stricter cybersecurity oversight in government contractor systems; long-term risks of data exfiltration (identity theft, fraud in public benefit systems); importance of rapid incident response and transparency.
Recommendations
Enhance third-party risk management Implement continuous monitoring for anomalous activity Strengthen data encryption and access controls Expand employee training on phishing/social engineering Develop faster breach notification protocols
Investigation Status
Ongoing (no evidence of data misuse or dark web publication as of latest update)
Customer Advisories
Monitor accounts for fraudulent activity Enable two-factor authentication (2FA) Use password managers and antivirus software Consider identity theft protection services Check for exposed data via personal removal services
Stakeholder Advisories
Notifications sent to affected individuals; dedicated call center established
Initial Access Broker
Entry Point: Third-party compromise Reconnaissance Period: Potentially from October 21, 2024 (intrusion start) to January 2025 (detection) State Medicaid programs Child support systems Food assistance databases Toll payment systems Data Sold On Dark Web: No evidence (as of latest update)
Post Incident Analysis
Third-party vulnerability exploitation Insufficient detection of prolonged network infiltration Network security hardening Enhanced forensic analysis capabilities Improved incident response coordination with state partners
References
Blog URL Source URL
JUNE 2024
704
Cyber Attack
16 Jun 2024 • Conduent
Cyberattack on Georgia’s SNAP Benefits Call Center Operated by Conduent

Hackers targeted Georgia’s SNAP benefits call center, operated by **Conduent**, via a cyberattack on its **interactive voice response (IVR) system** using bots. The attack disrupted services, forcing system downtime over the weekend and again on Tuesday, while attempting to improperly access **EBT account information** (including benefit balances). Though unconfirmed, the breach aligns with broader **international crime ring activities** cloning POS terminals to steal **hundreds of millions in taxpayer-funded SNAP benefits**—with a **350% fraud surge in Q4 2024**. Authorities urged cardholders to change PINs and lock accounts via Conduent’s **ConnectEBT app**, highlighting systemic vulnerabilities in third-party benefit distribution systems. The incident compounds ongoing **EBT scams** where funds vanish within minutes across multiple states, often through unauthorized retailers. Conduent acknowledged 'unusual call spikes' but avoided confirming a breach, citing generic fraud prevention measures like 'intelligent voice detection.'

641
critical -63
CON1965119090625
Incident Details -
Type
Cyberattack Fraud Unauthorized Access Attempt Service Disruption
Attack Vector
Bot Attack IVR System Exploitation Credential Stuffing (implied by PIN change advisory) Point-of-Sale (POS) Terminal Cloning (linked broader fraud)
Vulnerability Exploited
Weaknesses in IVR System Authentication Lack of Multi-Factor Authentication (MFA) for Call-In Access Insufficient Bot Detection/Prevention
Motivation
Financial Gain Fraudulent Transactions Theft of Taxpayer Funds
Impact
Financial Loss: $350 million (nationwide EBT fraud in 2024; specific loss from this incident unclear) Conduent’s IVR System ConnectEBT App (indirectly, via advisory) EBT Card Transactions Call center down over the weekend (2+ days) Additional outage on Tuesday morning Disruption of SNAP benefits access for Georgia residents Increased customer support burden Manual PIN reset/locking required for cardholders Dozens of reports from Georgia and other states about stolen benefits Negative publicity for Conduent and Georgia DHS Erosion of trust in EBT system security Low (primary risk is financial theft, not identity theft) High (EBT account balances and PINs targeted)
Response
Incident Response Plan Activated: Yes (Conduent blocked suspicious activity at Georgia’s request) USDA Office of Inspector General U.S. Secret Service (linked to broader fraud investigations) Blocked suspicious inbound calls Shut down call center temporarily Enhanced bot detection in IVR system (pre-existing 'intelligent voice systems') Advisory for PIN changes and card locking Call center restoration (ongoing as of report) Monitoring via ConnectEBT app Public advisory via Georgia DHS Media statements to Atlanta News First Direct notifications to cardholders (implied) Ongoing monitoring of IVR system for suspicious activity
Data Breach
EBT Account Balances PINs (potentially) Data Exfiltration: Unconfirmed (attempted but not verified) EBT Card Numbers (likely) PINs (if compromised)
Regulatory Compliance
USDA and Secret Service involved in broader fraud investigations
Lessons Learned
Need for stronger authentication in IVR systems (e.g., MFA) Proactive bot mitigation strategies for call centers Importance of real-time transaction monitoring for EBT fraud Public awareness campaigns for cardholder security (e.g., PIN changes, card locking)
Recommendations
Implement MFA for EBT account access via IVR/call centers Enhance bot detection with AI/ML-based anomaly detection Expand use of the ConnectEBT app’s security features (e.g., card locking) Collaborate with USDA/Secret Service to disrupt international fraud rings Audit and update POS terminal security to prevent cloning
Investigation Status
Ongoing (as of report)
Customer Advisories
Use ConnectEBT app to monitor accounts and lock cards Report fraud to USDA OIG via phone/online
Stakeholder Advisories
Georgia DHS advisory to change PINs and lock EBT cards USDA/Secret Service warnings about international fraud rings
Initial Access Broker
IVR System Exploitation Bot-Based Call Flooding EBT Account Balances PINs
Post Incident Analysis
Inadequate bot protection in IVR system Lack of real-time fraud detection for EBT transactions Weak authentication for call-in account access Deployed enhanced bot detection (per Conduent’s July 2025 press release) Temporary call center shutdown to contain attack Public campaign for PIN resets and card locking
References
Blog URL Source URL
JUNE 2020
739
Ransomware
01 Jun 2020 • Conduent
Conduent Ransomware Attack

The operations of Conduent in Europe were disrupted by a ransomware attack and data related to customer audits was breached in the incident. The data stolen in the attack was apparently posted by the Maze ransomware group on its Dark web page.

623
critical -116
CON2405322
Incident Details -
Type
Data Breach, Ransomware
Attack Vector
Ransomware
Motivation
Financial gain
Impact
Data Compromised: Customer audit data Operational Impact: Disruption of operations
Data Breach
Type Of Data Compromised: Customer audit data Data Exfiltration: Posted on Dark web
Initial Access Broker
Data Sold On Dark Web: Posted on Dark web
References
Blog URL Source URL
JUNE 2017
750
Cyber Attack
16 Jun 2017 • Conduent Business Solutions
Conduent Data Breach (October 2024)

Conduent, a publicly traded company spun off from Xerox in 2017, suffered a **cyberattack in October 2024** that compromised **personal and health data of 10.5 million individuals**, including names, Social Security numbers, medical records, and health insurance details. The breach, attributed to the **SafePay ransomware gang**, involved **8.5 TB of stolen data**, with the group threatening to leak it. Affected entities include major insurers (**Blue Cross Blue Shield of Montana, Texas, Humana, Premera**) and state agencies (**Wisconsin DCF, Oklahoma DHS—though the latter denied impact**). Conduent delayed disclosure for **nearly 10 months**, sparking **nine federal class-action lawsuits** alleging negligence in data security. The incident disrupted services, triggered regulatory probes (e.g., **Montana’s investigation into delayed notifications**), and forced Conduent to offer **credit monitoring to victims**. The breach ranks among the **largest health data breaches of 2025**, with potential systemic risks to insurers and government services.

714
critical -36
CON4502645110525
Incident Details -
Type
Data Breach Ransomware Attack Unauthorized Access
Attack Vector
Network Intrusion Exploitation of Vulnerabilities (unspecified)
Motivation
Financial Gain Data Theft/Extortion
Impact
Names Social Security Numbers Medical Information Health Insurance Information Conduent's Network (limited portion) Third-Party Vendor Systems (e.g., administrative services for Premera) Start: 2024-10-21 End: 2025-01-13 Description: Operational disruption reported on 2025-01-13; duration of unauthorized access unknown. Disruption of services for state agencies (e.g., Oklahoma DHS) Administrative support outages for insurers Multiple class-action lawsuits filed (9+ as of 2025-10-27) Investigations by law firms and state regulators (e.g., Montana) Negative publicity due to delayed disclosure (10 months) Loss of trust from clients and affected individuals Proposed federal class-action lawsuits (negligence claims) Potential regulatory fines (HIPAA violations under investigation) High (SSNs and medical data exposed) Complimentary credit monitoring offered to affected Premera members
Response
Incident Response Plan Activated: Yes (as of 2025-01-13) Law Enforcement Notified: Yes Secured affected systems (per Premera's statement) Dark web monitoring for exfiltrated data Credit monitoring/identity protection for Premera members (2 years) Direct notifications to affected individuals Breach notice on Conduent's website SEC filing (April 2025) State regulator notifications (delayed)
Data Breach
PII (Personally Identifiable Information) PHI (Protected Health Information) Number Of Records Exposed: 10.52 million Sensitivity Of Data: High (SSNs, medical/health insurance data) Data Exfiltration: Yes (8.5 TB allegedly stolen by SafePay) Names Social Security Numbers Medical Information Health Insurance Details
Regulatory Compliance
Potential HIPAA violations (under investigation) State data breach notification laws (delayed disclosure) 9+ class-action lawsuits (as of 2025-10-27) Montana state regulator investigation SEC filing (April 2025) State regulator reports (e.g., Oklahoma, Wisconsin)
Investigation Status
Ongoing (class-action lawsuits, Montana regulator probe, potential HIPAA investigation)
Customer Advisories
Conduent: Notified affected individuals directly (timing unclear) Premera: Offered 2 years of credit monitoring/identity protection
Stakeholder Advisories
Premera Blue Cross: Clarified no breach of their systems; offered credit monitoring Oklahoma DHS: Confirmed no impact to their data
Initial Access Broker
Health insurance data State agency client data Data Sold On Dark Web: Yes (alleged by SafePay)
Post Incident Analysis
Failure to implement reasonable data security measures (per lawsuits) Delayed detection/containment (October 2024–January 2025)
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Conduent is 166, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 220.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 218.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 205.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 192.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 179.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 225.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 206.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 452.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 445.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 438.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 448.

Over the past 12 months, the average per-incident point impact on Conduent’s A.I Rankiteo Cyber Score has been -99.5 points.

You can access Conduent’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/conduent.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Conduent’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/conduent.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.