Business services firm Conduent recently informed the SEC that hackers stole personal data during a January cyberattack. The breach first came to light when Oklahoma Human Services and Wisconsin’s Department of Children and Families reported service disruptions due to Conduent’s network problems. About ten days after these reports, Conduent said it had fixed all affected systems.
In its latest SEC filing, Conduent claimed it restored operations “within days, and in some cases, hours,” and insisted that the attack did not significantly impact its business.
However, the company admitted that hackers managed to steal “a set of files” from “a limited number” of clients. These files contained the personal information, such as names, addresses, and Social Security numbers (according to SecurityWeek), of “a significant number” of individuals who use their clients’ services.
Third-party security audit and ransomware connection
Conduent mentioned that they have had an external security firm check their systems. According to that firm, everything is now secure, and there have been no signs of any further suspicious activity since the attack.
The company has been quite tight-lipped about what exactly happened during the cyberattack. Interestingly, back in February, the Safepay ransomware group actually added Conduent to their dubious leak site on the dark web, effectively putting them on their “hit list.”
What’s significant is Conduent’s carefully crafted statement to the SEC that “as far as they know,” the stolen data hasn’t appeared on the dark web or been leaked publicly elsewhere.
“To the company’s knowledge, the exfiltrated data has not been released on the dark web or otherwise publicly,” Conduent told the SEC. “While the company did not experience material impacts to its operating environment or costs from the event itself, the company has incurred and accrued material non-recurring expenses in the first quarter related to the event based on potential notification requirements. The company maintains a cyber insurance policy and has also notified federal law enforcement authorities of the incident.”
History of previous ransomware attacks
This isn’t Conduent’s first experience with ransomware attacks, unfortunately. In 2020, they were one of several major tech service providers targeted by a series of cyberattacks. That summer, after initially remaining silent, they ultimately acknowledged that ransomware was responsible for one of their service outages.
At the time, the Maze ransomware group proudly claimed responsibility for attacking Conduent and even published documents they had stolen from the company. However, Conduent wasn’t alone—other major tech firms such as Cognizant, DXC Technology, and Tyler Technologies also fell victim to ransomware attacks that same year.
Flashpoint’s 2025 Ransomware Survival Guide equips businesses with actionable strategies to prevent attacks, respond swiftly, and ensure resilience. Learn more about how the company recommends that organizations prepare.