American enterprise companies big Conduent has confirmed {that a} 2024 data breach has impacted over 10.5 million folks, in line with notifications filed with the US Lawyer Basic’s workplaces.
Conduent is an American enterprise course of outsourcing (BPO) firm that gives digital platforms and companies for governments and enterprises. The corporate was spun off from Xerox in 2017 and at present employs 56,000 folks throughout 22 international locations, having an annual income of $3.4 billion.
The corporate started sending data breach notifications to affected people this month, with the most important reported quantity coming from the Oregon authorities, which stated 10.5 million folks have been affected.
Additional data breach notifications shared on the Texas AG web site report 4 million folks, 76k in Washington, and a few hundred in Maine.
On condition that Conduent supplies companies to a number of different states the place particular data breach figures aren’t printed, the precise impression could possibly be far bigger.
The data breach notifications state that folks’s identify, Social Safety Numbers, full date of start, medical insurance coverage or ID quantity, or medical data was uncovered.
Conduent’s notification claims that, as of October 24, 2025, the time of its circulation, there is no proof that the stolen information has been “misused.”
BleepingComputer contacted Conduent to be taught the precise variety of impacted folks nationwide, and we’ll replace this put up with their response as soon as it reaches us.
At first of the 12 months, Conduent suffered a service outage that it later admitted was brought on by a cybersecurity incident. Though the menace actor behind the assault wasn’t named, the Safepay ransomware gang took accountability for it in late February.
In April, the agency disclosed in a Type 8-Ok submitting with the SEC that menace actors had stolen information from its methods that contained buyer data, in addition to information from their clients’ purchasers.
An investigation into the scope of the data breach has now decided that the assault impacted tens of millions of folks. Moreover, though the breach was found in January 2025, the setting had been compromised a lot earlier, on October 21, 2024.
Notification recipients are advisable to acquire credit score experiences and contemplate inserting fraud alerts and a security freeze on their accounts, although no identification theft safety and credit score monitoring companies have been provided on this case.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
