Conduent confirms cyberattack impacting government agencies and causing service disruptions across multiple US states.
The company confirmed that it “experienced an operational disruption due to a cybersecurity incident,” in a statement.
This incident, which caused service outages, affected payments and customer service lines.
The Wisconsin Department of Children and Families reported that organizations in four states faced a “global network issue” due to the Conduent cyberattack, noting that Conduent was “rebuilding” its server.
Oklahoma Human Services also reported a technical outage affecting a Conduent customer service line a week earlier.
“This incident was contained and all systems have been restored. Maintaining system integrity and functionality is as important to us as it is to our clients.” Conduent stated.
While speculation suggests a possible ransomware attack, no group has yet claimed responsibility. It is noteworthy that Conduent was previously targeted by the Maze ransomware group in 2020.
Conduent, formed in 2017 after separating from Xerox, offers business process as a service (BPaaS), customer experience management, and solutions for healthcare, government, and transportation sectors.
The company boasts over 56,000 employees and serves numerous major clients, including top automakers, health plans, banks, pharma companies, and over 600 government entities across 46 US states.
The Conduent cyberattack is a lesson in data security and highlights the vulnerability of large organizations and the impact of such incidents on critical services.
Cyberattack Prevention and Defenses for Enterprises
To prevent cyberattacks like the Conduent incident, enterprises need a robust, multi-layered defense. This includes:
- Strong security awareness training: Educate employees on threats and safe practices.
- Multi-factor authentication (MFA): Add an extra layer of security to accounts.
- Regular security audits and penetration testing: Identify and fix vulnerabilities proactively.
- Network segmentation and access control: Limit the impact of breaches.
- Data Loss Prevention (DLP): Prevent sensitive data from leaving the organization.
- Incident response plan: Prepare for and manage security incidents.
- Regular software updates and patching: Address known vulnerabilities promptly.
- Endpoint Detection and Response (EDR): Monitor devices for malicious activity.
- Security Information and Event Management (SIEM): Analyze security logs for threats.
- Data backup and recovery: Ensure business continuity in case of data loss.
- Third-party risk management: Vet and monitor vendors for security risks.
- Cloud security: Secure cloud services with appropriate measures.
These steps if implemented and regularly updated, significantly reduce the risk of devastating cyberattacks like Conduent.
