Conduent, a leading U.S. business process outsourcing (BPO) provider, recently confirmed a serious data breach affecting over 10 million customers between late 2024 and early 2025. According to a report submitted to the Maine Attorney General's Office, the company discovered an intrusion into some of its network systems on January 13, 2025, immediately disconnected the affected systems, and launched an investigation with the assistance of external cybersecurity experts.
The investigation revealed that hackers gained unauthorized access to the Conduent network between October 21, 2024, and January 13, 2025, resulting in the leakage of sensitive customer information. The leaked data included names, Social Security numbers (SSNs), dates of birth, health insurance information, identification numbers, and some medical records. Conduent stated that it immediately notified regulatory and law enforcement agencies and sent risk warnings and protection advice to affected customers. Currently, no evidence of malicious data use has been found.
Publicly available information shows that Conduent, headquartered in Florham Park, New Jersey, USA, was spun off from Xerox in 2017. It primarily provides outsourcing services such as digital process management, payment processing, and data analytics to businesses and government agencies. This incident exposes vulnerabilities in its data security protection, potentially causing long-term damage to customer privacy and the company's reputation.
