Conduent experienced a data incident on that is proving to have widespread repercussions. The business services provider offers a range of support for organizations, including printing/mailroom services, payment integrity, document processing, and back-office aid, so this attack on its network affected more entities than itself. 

What Happened? 

On Jan. 13, 2025, Conduent found a cyber incident had affected part of its network. Upon this discovery, the organization secured networks and commenced an investigation alongside third-party forensic experts. 

The investigation uncovered that an unauthorized party obtained access to the organization’s environments from Oct. 21, 2024, to Jan. 13, 2025. During this time, files associated with various clients were taken. The organization states the data involved is complex in nature, and therefore, it is conducting an analysis to determine which data elements were potentially compromised for which clients. 

The ransomware group known as Safepay claimed responsibility for the attack. Currently, there is no evidence to suggest the affected information has been misused. 

What to Know: Customers Impacted

As more information comes out, the list of affected clients in the United States continues to grow. While the full list of impacted organizations has not been disclosed, notable stories have emerged from some known affected clients. 

Blue Cross Blue Shield of Montana

Blue Cross Blue Shield of Montana (BCBSMT) contracted with Conduent and was notified it was an impacted client in January 2025. However, BCBSMT informed impacted individuals in October 2025 — nine months after learning of the incident. State regulators have initiated an investigation to determine if BCBSMT complied with state data breach notification expectations, mandating notices to be sent without unreasonable delay. 

A public administrative hearing was held Jan. 22, 2026. BCBSMT requested a temporary restraining order to prevent the hearing but was denied. 

“It is troubling that it appears [BCBS] attempted to avoid regulatory oversight and accountability by seeking to block this hearing through the courts,” said Tyler Newcomb, Montana CSI Communications Director. “Our office is committed to protecting Montanans and ensuring a fair, transparent, and very serious process when sensitive personal and health data may have been placed at risk. Our office will consider all the evidence and then issue a final order in due course.”

Volvo Group North America

Volvo Group North America (VGNA) recently revealed it experienced an indirect data breach in connection with the Conduent incident. Approximately 17,000 customers and/or staff members had data exposed. 

This follows news that VGNA experienced a separate security breach connected with another third-party supplier, IT services provider Miljödata, exposing data such as names and Social Security numbers. 

What to Keep an Eye On: Investigation Launched 

The Office of the Attorney General of Texas is launching an investigation into Conduent and Blue Cross Blue Shield of Texas (BCBSTX), one of the organization’s affected customers. Documents and pertinent information are to be turned over at the behest of Attorney General Ken Paxton to verify BCBSTX’s compliance with state law and Conduent’s communications, security measures, and compliance. 

“The Conduent data breach was likely the largest breach in U.S. history. If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it,” states Attorney General Paxton. “Texans deserve to know that their private health information is being handled responsibly and in full compliance with the law. My office is committed to uncovering exactly what went wrong, taking action to protect Texas families, and ensuring there is justice for any negligence.”

The full scope of individuals affected is currently unknown, though it is likely this breach will rank among the largest. 

A spokesperson from Conduent reached out to Security magazine with the following statement: 

“From the outset of this incident, we acted promptly and in alignment with incident response protocols to contain and investigate the issue. We engaged leading third party cybersecurity experts, disclosed the incident through an 8-K filing, notified clients and relevant authorities, and worked to support those impacted by the event, including most recently sending notifications on clients’ behalf. To date, there is no evidence that any underlying data has been misused, posted, or made publicly available, and we continue to monitor closely.

“We look forward to working cooperatively with the Texas Attorney General’s Office to provide the relevant information, consistent with our longstanding practice of constructive engagement with regulators.”