Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation.

XBS specializes in document technology and services, providing various products, including printers, copiers, digital printing systems, and associated consultation and supply services.

INC Ransom ransomware gang added the corporation to its extortion portal on December 29, claiming to have stolen sensitive data and confidential documents from its systems.

After contacting Xerox about the security incident, the company shared a statement with BleepingComputer over the weekend.

"Recently, Xerox's subsidiary, Xerox Business Solutions, which was detected and contained by Xerox cybersecurity personnel," Xerox said in a statement shared with BleepingComputer.

"The event was limited to XBS U.S. We are actively working with third-party cybersecurity experts to conduct a thorough investigation into this incident and are taking necessary steps to further secure the XBS IT environment."

The company says that the attack has had no impact on the Xerox's or XBS' operations. However, a preliminary investigation has indicated that limited personal information was exposed in the attack.

The data samples shared on the INC Ransom data leak site include email communications (with content and addresses exposed), payment details, invoices, filled-out request forms, and purchase orders.

The threat actors may hold data on multiple XBS clients, partners, and employees, but the extent of the breach remains unknown at this time.

Xerox assures it will notify all affected individuals confirmed to have been impacted by this incident.

BleepingComputer has noticed that the Xerox entry has been removed from INC Ransom's leak portal for unknown reasons, usually indicative of resumed negotiations between a victim and the threat actors.

Xerox had previously suffered a ransomware attack in the summer of 2020, when the Maze ransomware group added the company to its list of victims, threatening to publish over 100GB of stolen data.