Xerox Business Solutions Reveals Security Breach

Written by

A subsidiary of imaging giant Xerox has revealed it was struck by a “security incident” at the end of 2023, with one ransomware group already claiming responsibility.

Tampa-based Xerox Business Solutions (XBS) issued a statement on December 30 that the incident was “detected and contained” by its security team, and that it was limited to its US operations.

“The incident had no impact on Xerox’s corporate systems, operations or data, and no effect on XBS operations,” the statement continued.

“However, our preliminary investigation indicates that limited personal information in the XBS environment may have been affected. As per our policy and standard operating procedure, we will notify all affected individuals as required.”

It’s unclear who exactly has been impacted by this personal information breach, but XBS said “data privacy and protection of our clients, partners, and employees are our highest priority.”

Read more on ransomware: UK Logistics Firm Forced to Close After Ransomware Breach

Although the firm, which offers printing products and services, didn’t mention ransomware in its statement, a known group has claimed responsibility for the attack.

According to a screenshot shared on X (formerly Twitter), the Inc Ransom gang posted Xerox to its leak site on December 29, a day before the Xerox statement.

It’s increasingly common for ransomware actors to strike during public holidays or other dates when they suspect security teams will be short staffed or otherwise distracted. In fact, a Cybereason study from 2021 revealed that nearly two-fifths (37%) of UK firms don’t have contingency plans in place to respond to a ransomware attack during weekends and holiday periods.

This isn’t the first time Xerox has been on the receiving end of a ransomware breach. Back in 2020, the Maze group published tens of GBs worth of data from it and LG after the firms apparently refused to negotiate payment.

Inc Ransom emerged in July 2023 and has targeted organizations from a variety of sectors with classic double extortion attacks, according to SentinelOne.

Image credit: Lutsenko_Oleksandr /

What’s hot on Infosecurity Magazine?