Newsletter

Recent Breaches & Incidents

Ethan Grammer
Senior Infrastructure & Cybersecurity Engineer

Guillermo Sanchez
Senior Cybersecurity Engineer

Government IT contractor Conduent says ‘third-party compromise’ caused outages

Description:  

In January 2025, Conduent, a prominent government IT contractor, experienced operational disruptions due to a cyberattack compromising one of its operating systems. The company swiftly contained the breach and, with the assistance of third-party security experts, confirmed the absence of known malicious activity in their technology environment. However, the recovery process led to several days of operational disruptions.  

The incident notably impacted child support payment processing in Wisconsin, where the Department of Children and Families reported system outages preventing the processing of mailed payments. Parents and beneficiaries faced delays in receiving funds, prompting Conduent to provide additional staff to expedite delayed payments. Wisconsin officials indicated that four states were affected by the outages but did not specify the others.  

Conduent holds numerous contracts with state governments, delivering technology solutions for programs such as Medicaid, child support, and food assistance. The company disburses approximately $100 billion in government payments annually and reported over $800 million in revenue in the last fiscal quarter. Notably, Conduent had previously faced a ransomware attack in 2020.  

External Links:

The Record

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

Description:  

On January 15, 2025, the newly emerged hacking group known as the “Belsen Group” leaked sensitive data from over 15,000 FortiGate devices on the dark web. This 1.6 GB data dump includes configuration files, IP addresses, and VPN credentials, organized by country and device IP addresses. 

Cybersecurity expert Kevin Beaumont analyzed the leak and found that each device’s folder contains critical files such as ‘configuration.conf’ and ‘vpn-passwords.txt’, with some passwords stored in plain text. The leaked data appears to have been collected in October 2022, likely through the exploitation of the CVE-2022-40684 vulnerability.

Fortinet had previously acknowledged the exploitation of this vulnerability in October 2022. The exposure of this data poses significant security risks, as it gives cybercriminals detailed information with which to breach affected networks. Organizations using FortiGate devices are advised to review their security measures, update device firmware, and change any potentially compromised credentials.

External Links:

Bleeping Computer

OneBlood Confirms Data Breach in Ransomware Attack

Description:  

OneBlood, one of the largest non-profit blood donation organizations in the country, confirmed on January 13, 2025, that it suffered a ransomware attack in July 2024 that caused the release of donors’ personal information.

According to the statement that was released by OneBlood to the affected donors, the personal information that was exfiltrated as part of the ransomware attack included names and social security numbers (SSNs). The company reported that there was no additional personal information released as part of the attack and provided a date range of impact from July 14 through July 29, 2024. 

From the investigation, OneBlood was able to discover that the ransomware attack originated on the company’s virtual machine infrastructure and included the encryption of numerous virtual machines that were used to conduct daily operations of blood collection across the country. 

External Links:

Bleeping Computer

Medical billing firm Medusind discloses breach affecting 360,000 people

Description:  

In December 2023, Medusind, a Miami-based medical billing firm, experienced a data breach affecting 360,934 individuals. 

The compromised data includes health insurance and billing details, payment information, medical histories, government identification numbers, and personal contact information. Upon detecting suspicious network activity, Medusind promptly took affected systems offline and engaged a cybersecurity forensic firm to investigate. The company is offering two years of free identity monitoring services through Kroll to those impacted and advises vigilance over account statements and credit reports for signs of unauthorized activity. 

External Links:

Bleeping Computer
