Conduent said a breach that was first discovered in January has been traced back to an October 2024 intrusion that experts uncovered after a months-long forensic investigation, according to a filing Thursday with the Maine Attorney General’s office.
Conduent said an unauthorized third-party gained access to its systems on Oct. 21, 2024, and maintained access until Jan. 13 of this year.
According to the filing, 334 people were impacted in the state of Maine. The Maine AG normally includes the total number of affected people in a breach, but Conduent did not provide that information, according to a spokesperson for the AG.
A similar filing was also made Friday with the California Attorney General’s office.
The New Jersey–based government contractor initially confirmed the attack in January, after Wisconsin officials warned of delays in child support payments. Wisconsin was one of at least four states known to be impacted by the outage at the time.
Conduent later warned in an April regulatory filing that a significant number of people had their personal data breached in the January attack. The company said it had incurred a material amount of nonrecurring expenses related to the incident, in a filing with the Securities and Exchange Commission.
In its first-quarter earnings report filed in May, Conduent disclosed $25 million in direct costs related to breach response. The company confirmed it has insurance coverage, but was still investigating the full extent of the breach.
Conduent previously notified law enforcement and has been working with third-party forensic experts. Palo Alto Networks has assisted Conduent with incident response.
Conduent is a major government contractor that provides printing, payments, back-end processing and other services to state agencies, insurance companies, transit systems and other organizations.
Premera Blue Cross, a Mountlake Terrace, Wash.–based health insurance provider, on Thursday also confirmed it had been impacted by the Conduent breach. The breached data may have included names, Social Security numbers, dates of birth, treatment information and claim numbers.
Premera said none of it’s own systems were impacted by the breach.
Not every impacted customer had the same type of data affected, Premera added. The company said it does not expect a material financial impact related to the breach.
The Wisconsin Child Support Trust Fund previously confirmed that the attack impacted its ability to support child support payments earlier in the year.
