American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a “cyber security incident.”
Conduent has over 31,000 employees and provides services to half of Fortune 100 companies and over 600 government and transportation agencies. These include nine top U.S. health plans, four of five top global automakers, and multiple U.S. banks and pharma companies.
One week ago, the govtech giant also said it “supports approximately 100 million U.S. residents across various government health programs.”
Last week, the outage affected customers’ operations across multiple U.S. states, impacting organizations such as the Wisconsin Department of Children and Families, Oklahoma Human Services, and others.
This caused widespread issues for those relying on the affected organizations to make payments via electronic transfer or EBT cards.
“We experienced a service interruption that affected the Wisconsin Support Collections Trust Fund’s ability to process payments,” Conduent told BleepingComputer on Tuesday, two days after restoring systems and bringing services back online for Wisconsin’s Department of Children and Families.
“The Conduent technology team worked to resolve the issue. We sincerely regret the inconvenience this incident may have caused.”
However, one day later, after being asked to confirm if a cyberattack caused the outage, Conduent sent an updated statement saying the “operational disruption” was caused by “a cyber security incident.”
“This incident was contained and all systems have been restored. Maintaining system integrity and functionality is as important to us as it is to our clients.” the company told BleepingComputer.
Conduent hasn’t replied to additional requests for details on this incident, including disclosing the number of affected customers, whether the attackers had also stolen customer data, and whether they sent a ransom demand.
Also, the company has yet to issue a public statement or file an 8-K report with the U.S. Securities and Exchange Commission (SEC) to disclose this breach.
Four years ago, Conduent also confirmed a Maze ransomware attack two months after its European operations were disrupted in what the company described at the time as a “service interruption.”