Mega Breach of Payment Processor Conduent
A provider of payment and document processing services to multiple state governments across the USA naturally has access to the critical data of countless citizens. Conduent is one of the largest in the nation, handling Medicaid, children’s health programs and public benefits. Last year they experienced a breach, and it appears to be a tale that just grows in the telling.
Early reports had already placed the number of affected at 10 million, but only lately are we learning that’s more in the realm of 25 million. Based on Conduent’s own assertion, their services reach over 100 million people, which means this breach has hit a quarter of their customer base.
Compromised data includes health insurance and medical information, as well as Social Security numbers from Massachusetts to Oregon. Less clear yet is the cause of the breach. While Conduent has said little about the incident other than allusions to the cost of investigation and remediation, a group known as Safepay has taken responsibility, and makes claims of 8 TB of stolen data.
Even if you feel as if, “oh it’s no big deal, by now my SSN’s out there in the ether already,” you may be…well, correct. It’s a safe assumption that at this point virtually everybody’s data is somewhere on the dark web. In no way does this mean, however, that we should give up the fight as a lost cause. Standing guard over your personal data is never more important than after a breach. Staying aware of phishing schemes that place links or QR codes from unknown senders in your inbox and changing any passwords currently in use across multiple accounts are important steps. Reused passwords remain, after all, an easy ingress for cyber thieves whose social engineering plans bear fruit.
This is why, as we’ve recently discussed, password protection can only do so much on the user end. Providers and other companies must ensure the data illicitly accessed is locked down with encryption, to prevent its future use by bad actors and keep databases protected (even on legacy systems) and in compliance.
Those who expect their data’s involvement in such a mega breach would also be wise to sign up for any free credit or identity monitoring services. These are usually offered by the breached entity, and Conduent right now is no different. It can also be useful to simply freeze your credit or place fraud alerts on your credit file.
Until Conduent provides more information, all we can is keep extra watch over our data.