Third-Party Breach Impacts Millions

Business process outsourcing (BPO) giant Conduent has confirmed a data breach that has impacted 10,545,598 individuals. The security incident did not occur on Conduent’s own systems but originated from a third-party vendor, HealthComp, which provides healthcare benefits administration services for Conduent’s health plans. Conduent disclosed the event in a filing with the U.S. Securities and Exchange Commission (SEC) on May 10, 2024.

The breach at HealthComp reportedly occurred between March 29th and March 30th, 2024. The personal information of Conduent health plan members was exposed during this incident.

Exposed Data and Company Response

According to the notification letters being sent to affected individuals, the compromised data includes a wide range of sensitive personal and health information. Exposed data includes names, dates of birth, Social Security numbers, addresses, and phone numbers. The breach also exposed health-related information such as diagnoses, medical histories, and other private medical details.

HealthComp is managing the notification process for those affected by the data breach. The letters sent to victims explain the nature of the incident and offer complimentary credit monitoring and identity theft protection services as a remediation measure.

Source: https://www.bleepingcomputer.com/news/security/bpo-giant-conduent-confirms-data-breach-impacts-105-million-people/