Conduent, a prominent U.S.-based business services and government contractor, has officially confirmed that client data was exfiltrated during a cyberattack that occurred in January 2025. The company disclosed this development in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) on April 14, 2025.
Conduent provides digital platforms and services across various sectors, including transportation, healthcare, customer experience, and human resources. The company employs over 33,000 individuals and serves half of the Fortune 100 companies, along with more than 600 government and transportation agencies.
In the SEC filing, Conduent stated:
“As part of its ongoing investigation, the Company determined that the threat actor exfiltrated a set of files associated with a limited number of the Company’s clients.”
The company further elaborated that, due to the complexity of the compromised files, cybersecurity data mining experts were engaged to assess the nature, scope, and validity of the data. This assessment confirmed that the exfiltrated datasets contained a significant amount of personal information related to clients’ end-users.
Conduent is continuing its analysis to determine the precise impact of the data breach. The company is informing affected clients as appropriate to comply with federal and state regulations.
As of now, there is no indication that the stolen data has been published on the dark web or any other public platform. BleepingComputer has also not identified any ransomware groups or threat actors leaking or offering the data for sale.
