HQ/EMEAFind out how we can help your business
The Conduent cyberattack that occurred in January 2025 has now been confirmed to have involved the theft of sensitive client data, according to a new disclosure filed by the company with the U.S. Securities and Exchange Commission (SEC).
Conduent, a major American business services firm and government contractor, revealed that threat actors exfiltrated files containing a significant amount of personal information linked to its clients’ end-users.
Conduent provides digital platforms and solutions for both government and commercial clients across sectors such as healthcare, human resources, transportation, and customer experience. With over 33,000 employees, the company supports more than 600 government and transportation agencies and serves half of the Fortune 100 companies.
The Conduent cyberattack affected a limited number of clients.
The Conduent cyberattack, which impacted customer operations across the United States, affected a limited number of clients, though the company has now confirmed that the compromised data includes personal information. Due to the complexity of the stolen files, cybersecurity and data mining experts were brought in to assess the content and scope of the breach. Their findings confirmed that a large volume of sensitive data had been compromised.
While the full impact is still being analysed, Conduent is working closely with affected clients and informing them as required by state and federal regulations. The company has stressed that there is currently no indication that the stolen data has been shared publicly or on the dark web. Investigations by external parties also found no evidence of the data being leaked or sold by ransomware gangs.
Despite the breach, Conduent stated that its core operations were not materially affected. However, it did incur expenses in the first quarter of 2025 related to the incident. This incident is not the first time the company has been targeted. In 2020, Conduent fell victim to the Maze ransomware group, which encrypted systems and stole corporate data.
The Conduent cyberattack highlights the ongoing risks faced by large organisations, especially those handling data for governments and major corporations. As investigations continue, the company works on verifying the full extent of the breach and ensuring compliance with data protection laws.
For organisations handling large-scale data operations, incidents like the Conduent cyberattack must be a reminder to implement robust cybersecurity defences and timely response strategies.
