- Conduent has filed a new 8-K form with the SEC
- It noted a January 2025 breach and said some customer data was taken
- So far, no groups assumed responsibility for the attack
Conduent Incorporated, an American business process services company, has confirmed suffering a cyberattack and a data breach in a new filing with the US Securities and Exchange Commission (SEC).
In a new 8-K form, Conduent said that in mid-January 2025, it experienced an “operational disruption” caused by unauthorized access from a threat actor. The attackers allegedly accessed a “limited portion” of the company’s environment, and remained there for days (in some cases, for hours, Conduent said)
Earlier reports said the attack happened after a “third-party system compromise on an operating system”.
Supply chain attack
While the attack did not have a material impact on the company’s operations, it did result in the theft of sensitive data.
Conduent offers a range of services, including transaction processing, automation, and analytics, across various sectors such as healthcare, transportation, and government.
Some of its biggest clients include the US Secret Service, District of Columbia Medicaid, and others. It serves hundreds of government and transportation organizations.
In the attack, the threat actors stole data generated by Conduent’s clients: “As part of its ongoing investigation, the company determined that the threat actor exfiltrated a set of files associated with a limited number of the company’s clients,” the filing reads.
“Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals’ personal information associated with our clients' end-users.”
At press time, no groups assumed responsibility for the attack, and the data has not yet leaked on the dark web.
According to BleepingComputer, this is not Conduent’s first incident, as the company also suffered a data breach in 2020, when the Maze ransomware group managed to encrypt the company’s devices and steal corporate data.
Via BleepingComputer
You might also like
- Software supply chains are coming under attack more than ever
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
