Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation.
XBS specializes in document technology and services, providing various products, including printers, copiers, digital printing systems, and associated consultation and supply services.
INC Ransom ransomware gang added the corporation to its extortion portal on December 29, claiming to have stolen sensitive data and confidential documents from its systems.
After contacting Xerox about the security incident, the company shared a statement with BleepingComputer over the weekend.
The company says that the attack has had no impact on the Xerox's or XBS' operations.
A preliminary investigation has indicated that limited personal information was exposed in the attack.
The data samples shared on the INC Ransom data leak site include email communications, payment details, invoices, filled-out request forms, and purchase orders.
The threat actors may hold data on multiple XBS clients, partners, and employees, but the extent of the breach remains unknown at this time.
Xerox assures it will notify all affected individuals confirmed to have been impacted by this incident.
BleepingComputer has noticed that the Xerox entry has been removed from INC Ransom's leak portal for unknown reasons, usually indicative of resumed negotiations between a victim and the threat actors.
Xerox had previously suffered a ransomware attack in the summer of 2020, when the Maze ransomware group added the company to its list of victims, threatening to publish over 100GB of stolen data.
Integris Health patients get extortion emails after cyberattack.
Victoria court recordings exposed in reported ransomware attack.
The biggest cybersecurity and cyberattack stories of 2023.
Panasonic discloses data breach after December 2022 cyberattack.
Nissan Australia cyberattack claimed by Akira ransomware gang.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 02 Jan 2024 17:30:26 +0000

Cyber News related to Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data - The U.S. division of Xerox Business Solutions has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation. XBS specializes in document technology ...
1 year ago Bleepingcomputer.com

Xerox's US subsidiary Hit by Cyber Attack: Personal Info Exposed - Recently, Xerox's US subsidiary, Xerox Business Solutions, experienced a cyber incident, prompting immediate action from Xerox's cybersecurity personnel. While the specifics of the intrusion remain under investigation, initial reports indicate ...
1 year ago Cybersecuritynews.com

Xerox confirms 'security incident' at subsidiary The Register - Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range ...
1 year ago Go.theregister.com

The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
1 year ago Bleepingcomputer.com

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 months ago Aws.amazon.com

After ransomware claims, Xerox says subsidiary hit with cyberattack - Xerox said a subsidiary is dealing with a cyberattack that may have involved the theft of personal information. Last week a ransomware gang named INC claimed it attacked the company - which earned over $7 billion in 2022 from selling printers in more ...
1 year ago Therecord.media

Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack - Printing solutions giant Xerox over the weekend confirmed that its US-based subsidiary Xerox Business Solutions experienced a data breach. The incident, the company says, was limited to Xerox Business Solutions US and was contained by its ...
1 year ago Packetstormsecurity.com

Ransomware Group Claims Cyber Breach of Xerox Subsidiary - The cyber incident's scope was limited to XBS in the US and has now been contained after initially being discovered by Xerox cybersecurity personnel. Xerox Corp. makes office and production printers, projectors, scanners, and a variety of other ...
1 year ago Darkreading.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com

Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
11 months ago Bleepingcomputer.com

Yamaha Motor confirms ransomware attack on Philippines subsidiary - Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information. "One of the servers managed by [.] motorcycle manufacturing and sales ...
1 year ago Bleepingcomputer.com

Fidelity National Financial: Hackers stole data of 1.3 million people - Fidelity National Financial has confirmed that a November cyberattack has exposed the data of 1.3 million customers. FNF is an American title insurance and transaction services provider for the real estate and mortgage industries. It is one of the ...
1 year ago Bleepingcomputer.com

The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
9 months ago Bleepingcomputer.com

Researchers link 3AM ransomware to Conti, Royal cybercrime gangs - Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. The 3AM ransomware gang's activity was first ...
1 year ago Bleepingcomputer.com

Xerox Printer Vulnerabilities Enable Credential Capture - "Since LDAP and SMB settings on MFP devices typically contain Windows Active Directory credentials, a successful attack would give a malicious actor access to Windows file services, domain information, email accounts, and database systems," ...
2 days ago Darkreading.com

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com

BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
7 months ago Bleepingcomputer.com

The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com

US mortgage lender loanDepot confirms ransomware attack - Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in ...
1 year ago Bleepingcomputer.com

FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com

The new ransomware behind Indonesia's data center attack - The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center. Indonesia is building out National Data Centers to securely store ...
7 months ago Bleepingcomputer.com

Latest Cyber News

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News - 15 minutes ago
Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - 2 hours ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 7 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 8 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 8 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 9 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 11 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 11 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 13 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 14 hours ago
CVE-2025-27097 - 18 hours ago
CVE-2025-27098 - 18 hours ago
Apiiro unveils free scanner to detect malicious code merges - 18 hours ago
Black Basta ransomware gang's internal chat logs leak online - 18 hours ago
CVE-2025-0352 - 19 hours ago
CVE-2025-1265 - 19 hours ago
CVE-2025-24893 - 19 hours ago
CVE-2025-25299 - 19 hours ago
Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released - 19 hours ago
New NailaoLocker Ransomware Attacking European Healthcare - 19 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News - 15 minutes ago
Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - 2 hours ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - 7 hours ago
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors - 8 hours ago
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - 8 hours ago
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - 9 hours ago
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - 11 hours ago
New Active Directory Pentesting Tool For KeyCredentialLink Management - 11 hours ago
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub - 13 hours ago
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - 14 hours ago
CVE-2025-1272 - 2 days ago
CVE-2025-27090 - 1 day ago
CVE-2023-51305 - 1 day ago
CVE-2024-10339 - 1 day ago
CVE-2024-37359 - 1 day ago
CVE-2024-37360 - 1 day ago
CVE-2024-5705 - 1 day ago
CVE-2024-5706 - 1 day ago
CVE-2025-21355 - 1 day ago
CVE-2025-24989 - 1 day ago