In January, Conduent reported that it had experienced an operational disruption due to a third-party compromise of one of its operating systems. They no longer refer to the incident as an “outage” and now refer to it as a “cyberattack,” but they still fail to clearly disclose whether this was a ransomware attack or not. Cybersecurity Dive reports:
- Conduent Inc. warned in an April 14 regulatory filing with the Securities and Exchange Commission that a “significant” number of people had their personal data stolen in a January cyberattack that affected a limited number of the company’s clients.
- The company, a major government payments technology vendor for social services and transit systems, was targeted in a Jan. 13 attack that disrupted certain operations.
- The company warned it has incurred and accrued a material amount of nonrecurring expenses related to the breach. A spokesperson for the company did not have specific numbers yet, but a breach notification has already been posted by the California Attorney General’s office.
Read more at Cybersecurity Dive.
Although the company did not provide a lot of details about the attack, in February, the SafePay ransomware team had claimed responsibility for the January attack, and claimed to have exfiltrated 8.5 TB of files.
In November 2024, Huntress Team provided some analysis of SafePay’s methods.
Cybersecurity Dive notes that according to Conduent’s website, 37 states use the company’s Electronic Payment Card solutions, but Conduent has not publicly disclosed the total number of states, clients, or individuals affected by this breach. It seems like we will have to wait to find out what number Conduent considers “significant.”
