Conduent Breach: 10.5M Records, 85 Days Dwell Time, 8.5TB Claimed
Category: Data Breach / Enterprise
Conduent disclosed a breach impacting over 10.5 million individuals after attackers maintained access from October 21, 2024 to January 13, 2025—85 days of dwell time before detection. SafePay ransomware gang claimed responsibility in February 2025, stating they exfiltrated 8.5TB including names, SSNs, DOBs, medical info, and health insurance details. What's brutal: Conduent provides third-party services for approximately 100 million US residents across government health programs, toll systems, and federal benefit disbursements. HIPAA Journal ranks this as the eighth largest healthcare breach of all time. The three-month window gave attackers plenty of runway for reconnaissance and systematic data staging.
CORTEX Protocol Intelligence Assessment
The 85-day dwell time is particularly nasty—attackers had ample opportunity for reconnaissance and data staging before exfiltration. SafePay emerged in October 2024 and has been consistently active since. What's notable: Conduent's role as a BPO handling citizen data for government programs means this breach cascades across multiple states and federal agencies. The 8.5TB claim suggests systematic collection rather than opportunistic theft.
Strategic Intelligence Guidance
- SafePay ransomware active since October 2024, now targeting BPO providers
- Attack timeline: initial access Oct 21, 2024 → discovery Jan 13, 2025
- Data exposed: PII, SSNs, medical records, health insurance details across multiple states
- Impact scope: 10.5M+ Oregon, 4M+ Texas, 76K Washington, hundreds Maine
Impact
Data Volume: 8.5TB
Financial: 10.5M individuals
Intelligence Source: Conduent Data Breach Impacts Over 10.5 Million Individuals | Nov 1, 2025