US-based
Xerox Corporation
that sells print and digital document products and services around the world has confirmed a recent data breach. The company has announced that its US division, also known as
Xerox Business Solutions
(XBS) was compromised by hackers and a limited amount of personal information has been possibly exposed.
XBS
specialises in document technology and services along with offering various products, which includes printers, copiers, digital printing systems as well as associated consultation and supply services.
How the data breach affected Xerox
Last year, on December 29, INC Ransom
ransomware
gang added XBS to its extortion portal. The cybercrime group also claimed to have stolen sensitive data and confidential documents from the company’s systems. According to a report by Bleeping Computer, the data samples shared on the INC Ransom data leak site includes email communications (with content and addresses exposed), payment details, invoices, filled-out request forms and purchase orders.
What the company has to say about the breach
The company shared a statement after the cybersecurity incident. In the statement, the company said: “Recently, Xerox's subsidiary, Xerox Business Solutions, (was hit by a data breach) which was detected and contained by Xerox cybersecurity personnel. The event was limited to XBS U.S. We are actively working with third-party cybersecurity experts to conduct a thorough investigation into this incident and are taking necessary steps to further secure the XBS IT environment.”
The company also added that the attack had no impact on the Xerox's or XBS' operations. However, a preliminary investigation has indicated that limited personal information was exposed in the attack.
The report claims that cyberattackers may hold data on multiple XBS clients, partners and employees. However, the extent of the breach remains unknown at this time. Xerox has also assured that it will notify all affected individuals after confirming to have been impacted by this incident.
Earlier, in 2020, Xerox suffered a ransomware attack when the Maze ransomware group added the company to its list of victims. The cybercrime group also threatened to publish over 100GB of stolen data.