April 18, 2026 Cyber Trends
The Conduent breach was not a brief 2025 incident but a three-month intrusion starting in October 2024 that let an attacker move through a contractor serving government and healthcare programs, turning one vendor’s compromise into many customers’ problem.
Conduent confirmed that the data breach it disclosed in January 2025 actually began on October 21, 2024, and that the attacker stayed inside its environment until January 13, 2025. During that time, the threat actor accessed files tied to government and healthcare clients, exposing names, Social Security numbers, and protected health information for more than 10 million people across multiple states. Conduent is notifying regulators and affected clients now because the full scope only became clear after months of forensics.
This matters because the intruder had three months of dwell time inside a contractor that runs critical back-office functions for state agencies, health plans, and benefits programs, which means the breach became a supply-chain event for every connected customer. It also shows that initial “limited” breach notices can expand once investigators trace activity back into older logs. Agencies and covered entities relying on Conduent must now treat this as an active third-party risk incident, not just a vendor notification.