Conduent confirms hackers accessed its system in January cyberattack

The technology and business services firm Conduent told the U.S. Securities and Exchange Commission that the cybercriminals who orchestrated a cyberattack on the company earlier this year were able to access a “limited portion” of its IT environment, according to a Monday regulatory filing.

On Jan. 15, Conduent, which provides IT systems used in government services such as child support payments and food assistance, experienced a cybersecurity incident in which an unauthorized party accessed a segment of the company’s systems. The company said the breach led to the exfiltration of files containing personal information related to some clients’ end-users.

In response, the New Jersey company said in the filing that it activated its cybersecurity protocol, contacted external experts to assess and mitigate the situation, and restored affected systems within several days.

Conduent provides technology for public health services and Supplemental Nutrition Assistance Program payments in several states, including California, Florida, Indiana, Kentucky, New Jersey, North Carolina, Texas and Virginia, according to the jobs website Indeed.

As a result of the cyberattack, the filing stated, Conduent incurred “significant non-recurring expenses” in its first quarter due to notification obligations.

Federal law enforcement continues to investigate the January breach’s scope.

The filing says the compromised data has not been publicly disclosed.

In 2020, Conduent suffered a ransomware attack that temporarily disrupted its operations in Europe. Hackers behind the Maze ransomware variant claimed responsibility for the attack.