1. Forum
  2. FidoNET
  3. POLITICS

  • US government contractor

    From Mike Powell@1:2320/105 to All on Tuesday, April 15, 2025 14:00:00
    US government contractor Conduent says hackers were able to steal some client files

    Date:
    Tue, 15 Apr 2025 13:41:00 +0000

    Description:
    The January 2025 breach resulted in a data breach, Conduent confirms to the
    US government.

    FULL STORY

    Conduent Incorporated, an American business process services company, has confirmed suffering a cyberattack and a data breach in a new filing with the
    US Securities and Exchange Commission (SEC).

    In a new 8-K form, Conduent said that in mid-January 2025, it experienced an operational disruption caused by unauthorized access from a threat actor. The attackers allegedly accessed a limited portion of the companys environment,
    and remained there for days (in some cases, for hours, Conduent said)

    Earlier reports said the attack happened after a third-party system
    compromise on an operating system.

    Supply chain attack

    While the attack did not have a material impact on the companys operations,
    it did result in the theft of sensitive data.

    Conduent offers a range of services, including transaction processing, automation, and analytics, across various sectors such as healthcare, transportation, and government.

    Some of its biggest clients include the US Secret Service, District of
    Columbia Medicaid, and others. It serves hundreds of government and transportation organizations.

    In the attack, the threat actors stole data generated by Conduents clients:
    As part of its ongoing investigation, the company determined that the threat actor exfiltrated a set of files associated with a limited number of the companys clients, the filing reads.

    Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals personal information associated with our clients' end-users.

    At press time, no groups assumed responsibility for the attack, and the data has not yet leaked on the dark web.

    According to BleepingComputer , this is not Conduents first incident, as the company also suffered a data breach in 2020, when the Maze ransomware group managed to encrypt the companys devices and steal corporate data.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-contractor-conduent-says- hackers-were-able-to-steal-some-client-files

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)