# Government Contractor Conduent Discloses Data Breach Amid January Cyberattack

The business services provider Conduent has revealed a data breach after a cyberattack in January exposed personal information of clients, including names and Social Security numbers. The company confirmed that the attack, which caused service disruptions across multiple US states, resulted in unauthorized access to a limited portion of its environment.

In a new filing with the SEC (Securities and Exchange Commission), Conduent disclosed that attackers exfiltrated files associated with a limited number of clients' end-users, containing sensitive personal information. The company stated that it had restored operations quickly after the cyberattack but was still investigating the full impact of the data exfiltration.

According to the filing, on January 13, 2025, Conduent experienced an operational disruption and learned that a "threat actor" gained unauthorized access to its environment. As part of its investigation, the company engaged cybersecurity experts to evaluate the exfiltrated data and was recently informed of its nature, scope, and validity.

The stolen data sets contained personal information associated with clients' end-users, including names and Social Security numbers. However, it is worth noting that the data has not appeared on the dark web or been publicly released so far. Conduent reported no major operational impact from the cyberattack but faced significant one-time costs for notifications.

The company holds cyber insurance and informed federal authorities about the breach. Experts believe that Conduent was likely a victim of a ransomware attack, following a pattern of similar incidents in the past. In 2020, Conduent suffered another security breach at the hands of the Maze ransomware gang, which stole corporate data.

As the investigation continues, Conduent is notifying clients as needed and taking steps to mitigate any further damage. The company's experience serves as a reminder of the importance of robust cybersecurity measures and the need for businesses to prioritize data protection in an increasingly digital landscape.

Stay informed about security-related news and updates by following me on Twitter: @securityaffairs and Facebook, and Mastodon.