"Conduent experienced a data incident on that is proving to have widespread repercussions. The business services provider offers a range of support for organizations, including printing/mailroom services, payment integrity, document processing, and back-office aid, so this attack on its network affected more entities than itself. On Jan. 13, 2025, Conduent found a cyber incident had affected part of its network. Upon this discovery, the organization secured networks and commenced an investigation alongside third-party forensic experts."
"The investigation uncovered that an unauthorized party obtained access to the organization's environments from Oct. 21, 2024, to Jan. 13, 2025. During this time, files associated with various clients were taken. The organization states the data involved is complex in nature, and therefore, it is conducting an analysis to determine which data elements were potentially compromised for which clients. The ransomware group known as Safepay claimed responsibility for the attack."
"Blue Cross Blue Shield of Montana (BCBSMT) contracted with Conduent and was notified it was an impacted client in January 2025. However, BCBSMT informed impacted individuals in October 2025 - nine months after learning of the incident. State regulators have initiated an investigation to determine if BCBSMT complied with state data breach notification expectations, mandating notices to be sent without unreasonable delay. A public administrative hearing was held Jan. 22, 2026. BCBSMT requested a temporary restraining order to prevent the hearing but was denied."
Conduent detected a cyber incident on Jan. 13, 2025 and secured networks while engaging third-party forensic experts. The investigation found unauthorized access from Oct. 21, 2024 through Jan. 13, 2025, during which files associated with various clients were taken. Conduent states the data is complex and is analyzing which specific data elements were potentially compromised for each client. The ransomware group Safepay claimed responsibility. No evidence currently indicates affected information has been misused. The list of impacted U.S. customers continues to grow. Blue Cross Blue Shield of Montana was notified in January 2025 but informed individuals in October 2025; state regulators opened an investigation and held a public hearing Jan. 22, 2026.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]