Pierluigi Paganini
November 03, 2025
Conduent January 2025 breach exposed the personal data of over 10M people, including names, addresses, DOBs, SSNs, and health and insurance info.
In April 2025, the business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack.
In January, the company announced that cyberattack caused service disruptions after agencies in multiple US states reported outages. Wisconsin and Oklahoma noted impacts on payments and customer support.
In a new FORM-8K filing with the SEC, the company announced that it had restored operations quickly after a cyberattack, but confirmed that attackers stole files containing personal data from some clients’ end-users.
Conduent reported no major operational impact from the cyberattack but did face significant one-time costs for notifications. The company holds cyber insurance and informed federal authorities.
Conduent disclosed that hackers accessed its network from October 21, 2024, to January 13, 2025, stealing personal data of users, including SSNs, DOBs, addresses, and health info. The company notified affected individuals and is offering free identity protection.
“On January 13, 2025, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network. We immediately secured our networks and initiated an investigation with the assistance of thirdparty forensic experts. Our investigation determined that an unauthorized third party had access to our environment from October 21, 2024, to January 13, 2025, and obtained some files associated with <Client Name>.” reads the data breach notification sent to the impacted individuals. “Given the nature and complexity of the data involved, Conduent has been working diligently with a dedicated review team, including internal and external experts, to conduct a detailed analysis of the affected filesto identify the personal information contained therein.”
The company recommends impacted indivisuals to monitor credit, place fraud alerts, and consider security freezes.
“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement. We are also notifying you in case you decide to take further steps to protect your information should you feel it appropriate to do so.” states the report.
According to the Oregon Department of Justice, the Conduent breach affected 10,515,849 people.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Security / November 03, 2025
