Xerox Subsidiary XBS Targeted in Cyberattack, Employee and Client Data Exposed

Xerox Corporation has disclosed a cyberattack on its subsidiary XBS, which potentially compromised the personal information of employees and clients. Official confirmation followed shortly after the hacker group INC claimed responsibility for the cyber incident.

Representatives of Xerox, renowned for its copiers and other office equipment, with revenues exceeding 7 billion dollars the year before last, announced their active collaboration with cybersecurity experts to conduct a comprehensive investigation. According to their reports, the incident did not impact Xerox’s corporate systems or operations, but there was a limited breach of personal information in the XBS system.

It is noted that XBS provides small and medium-sized businesses with printers, copiers, and software. The company plans to notify all affected parties about the data breach shortly.

Researchers from SentinelOne note that the INC group, typically exploiting the CVE-2023-3519 vulnerability in Citrix products, emerged in July and targets a range of industries, including education, healthcare, and government organizations. In 2023, the group executed a series of high-profile attacks on major companies, including Japan’s Yamaha Motor and the American WellLife Network.

Additionally, this is not the first time Xerox has encountered extortionist gangs. In 2020, the hacker group Maze published 25.8 GB of Xerox data. The company was also mentioned in the Conti correspondence leak in 2022, although the exact circumstances of this case remain unknown.