A threat actor exfiltrated personal data belonging to a ‘significant number of individuals’ in the January cyberattack, the solution provider says in a regulatory filing.
A threat actor exfiltrated personal data belonging to a “significant number of individuals” connected to Conduent clients in a January cyberattack, the solution provider giant disclosed in a regulatory filing Monday.
Conduent, No. 24 on CRN’s Solution Provider 500 for 2024, had previously said that a major service outage in January was caused by a cyberattack, but did not say at the time whether any data had been stolen.
[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]
Florham Park, N.J.-based Conduent, which provides systems used to enable government services such as child support payments and food assistance, has said it experienced an “operational disruption” on Jan. 13 associated with the cyberattack.
In a filing Monday with the U.S. Securities and Exchange Commission, Conduent said a threat actor was able to access a “limited portion” of the company’s IT environment during the incident.
Following an investigation, Conduent determined that the attacker “exfiltrated a set of files associated with a limited number of the Company’s clients” during the incident.
Experts that were engaged to evaluate the stolen data have now informed Conduent about the nature of the exfiltrated data, the company said in the SEC filing Monday.
The evaluation found that “the data sets contained a significant number of individuals’ personal information associated with our clients’ end-users,” Conduent said.
In a statement provided to CRN, Conduent said that the SEC filing indicates that the January cyber incident is “reasonably likely to be material based on information it recently learned from its eDiscovery vendor.”
Conduent “continues its efforts to understand the full nature and scope of that affected data and will partner with its affected clients to provide appropriate notifications under the law,” the company said in the statement, noting that there has been “no further known malicious activity since the incident.”
In the SEC filing, Conduent specified that it has “incurred and accrued material non-recurring expenses in the first quarter related to the event based on potential notification requirements,” though there were no “material impacts to its operating environment or costs from the event itself.”
The solution provider also said it has no information suggesting that any of the stolen data has been posted on the darkweb.
Conduent was previously among the major solution providers struck by a wave of ransomware attacks during 2020. That June, Conduent acknowledged that a ransomware incident had been behind a recent service interruption.
The Maze ransomware group took responsibility for the attack and also published documents purportedly stolen from Conduent. The list of other solution providers affected by ransomware in 2020 also included Cognizant, DXC Technology and Tyler Technologies.
