Another ransomware gang says it breached IT giant Conduent

Ransomware gang SafePay today claimed responsibility for a January 2025 cyber attack against IT giant Conduent.

Conduent suffered an outage at the time that it confirmed on January 22 was the result of a cyber security incident. The outage disrupted electronic money transfers and EBT payments made by its clients, which include half of Fortune 100 companies, for two days.

Conduent has not verified SafePay’s claim, which says the ransomware group stole 8.5 TB of data. We do not yet know what data was compromised, if Conduent paid a ransom, how much SafePay demanded, or how attackers breached Conduent’s network.

Conduent replied to Comparitech’s questions with the following statement:

“As we shared in January, Conduent experienced an operational disruption due to a compromise of one of our technology operating systems. This compromise was quickly contained, and our technology environment continues to be free of known malicious activity as confirmed by our third-party security experts. Working with our incident response partners and law enforcement officials, we continue to investigate the unauthorized access and review any possible data exposures. Maintaining system integrity and functionality is as important to us as it is to our clients.”

SafePay gave Conduent three days to pay an undisclosed amount in ransom, or else the stolen data will be sold or published online.

This isn’t Conduent’s first run-in with ransomware. In May 2020, the company notified 969 people of a data breach claimed by the Maze ransomware group.

Who is SafePay?

SafePay is a relatively new ransomware gang that first started adding targeted organizations to its data leak site in November 2024. The group has since claimed 15 confirmed ransomware attacks, plus another 65 unconfirmed claims that haven’t been acknowledged by the targets.

Other recently confirmed SafePay targets include New Zealand law firm Bell & Graham and the Harrison County, WV board of education. In October 2024, SafePay hit British software company Microlise, an attack that affected prison transport van tracking among other disruptions.

Ransomware attacks on US tech

Ransomware attacks can lock down computer systems and steal confidential data. If the targeted company doesn’t pay a ransom, then it faces extended downtime, data loss, an putting customers at increased risk of fraud.

SafePay’s attack on Conduent is the first confirmed ransomware attack on a US tech firm in 2025, though Comparitech researchers have logged 36 unconfirmed claims so far this year.

In 2024, we tracked 12 confirmed ransomware attacks on US tech companies, which was a significant decline from 2023’s 44 confirmed attacks. We counted 104.4 million records compromised in 2023, compared to just 1.9 million in 2024.

One of the biggest such attacks in 2024 was against ITSG, which notified 900,000 people of an October data breach claimed by ransomware gang BianLian.

About Conduent

Conduent is an enterprise IT services giant that serves half of Fortune 100 companies and more than 600 government and transportation agencies. Its clients span healthcare, automakers, banks, and pharmaceutical companies.