Unprecedented number of individuals affected by Cybersecurity Incident in January, as revealed by Conduent.
In a recent cyberattack, Conduent Inc., a major government payments technology vendor, warned of a data breach that affected a significant number of people. The attack is believed to have impacted four states, with Pennsylvania and Oklahoma confirmed as being among those affected.
The hackers gained access to a limited number of Conduent's clients and exfiltrated files containing personal data for a significant number of end users. In response, Conduent is working closely with affected clients to provide appropriate notifications under the law.
In Pennsylvania, the Shapiro Administration has issued warnings to SNAP recipients to protect their Electronic Benefits Transfer (EBT) cards from skimming devices. The state uses Conduent’s secure platform for EBT card management and has implemented enhanced PIN security measures in response to skimming incidents.
Oklahoma’s Department of Human Services (DHS) uses Conduent’s ConnectEBT app for card management, including locking and unlocking EBT cards to prevent unauthorized transactions. The state emphasizes the use of this app to protect benefits against fraud, signaling reliance on Conduent’s electronic payment solutions.
While the exact number of states affected by the breach is not yet known, state and local government data breaches have been a growing concern. In a separate incident, more than 700,000 people were affected by a data breach.
It is worth noting that the Wisconsin Child Support Trust Fund uses Conduent as a vendor, and child support payments in Wisconsin were disrupted due to the cyberattack. However, the Wisconsin Department of Children and Families has been notified, and no user data in that state was breached.
Conduent is collaborating with Palo Alto Networks’ Unit 42 on the breach investigation to understand the full nature and scope of the affected data. The company has also incurred and accrued a material amount of nonrecurring expenses related to the breach.
As the investigation continues, Conduent, along with the affected states, will work to mitigate the impact of the cyberattack and ensure the security of electronic payment systems moving forward.
The cyber criminals illegally obtained sensitive user data by infiltrating Conduent's secure data-and-cloud-computing systems, putting thousands of people at risk. In an attempt to alleviate the situation, Conduent is cooperating with technology firm Palo Alto Networks to investigate the extent of the data breach and reinforce cybersecurity measures to prevent future incidents.
