政府承包商Conduent遭遇网络攻击,导致个人数据泄露,包括姓名和社会安全号码。此次攻击影响多个州的服务,并迅速恢复运营。公司正在调查影响并通知客户,未发现数据公开迹象。专家怀疑为勒索软件攻击。 2025-4-16 07:53:50 Author: securityaffairs.com(查看原文) 阅读量:11 收藏
Government contractor Conduent disclosed a data breach
The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers.
The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack.
In January, Conduent confirmed a cyberattack caused service disruptions after agencies in multiple US states reported outages. Wisconsin and Oklahoma noted impacts on payments and customer support.
In a new FORM-8K filing with the SEC, the company announced that it had restored operations quickly after a cyberattack, but confirmed that attackers stole files containing personal data from some clients’ end-users.
“On January 13, 2025, Conduent Incorporated (the “Company”) experienced an operational disruption and learned that a ‘threat actor’ gained unauthorized access to a limited portion of the Company’s environment.” reads the FORM-8K filed with SEC. “As part of its ongoing investigation, the Company determined that the threat actor exfiltrated a set of files associated with a limited number of the Company’s clients. Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals’ personal information associated with our clients’ end-users.”
The business services provider is still investigating the data exfiltration’s full impact and notifying clients as needed. So far, the stolen data hasn’t appeared on the dark web or publicly released.
Conduent reported no major operational impact from the cyberattack but did face significant one-time costs for notifications. The company holds cyber insurance and informed federal authorities.
The company did not disclose technical details about the attack, but experts believe it was the victim of a ransomware attack.
Conduent suffered another security breach in 2020 by the Maze ransomware gang, which stole corporate data.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
如有侵权请联系:admin#unsafe.sh