Cyber Incident Victim: Xerox Corporation
Date:
Dec 2023
Location:
United States of America
Summary
A cybersecurity incident impacted Xerox Corporation's XBS subsidiary, detected and contained by internal security teams. The company engaged third-party experts to investigate and implemented additional safeguards for the subsidiary's IT environment. Corporate systems, operations, and data remained unaffected, with no disruption to XBS business activities. Preliminary findings suggest limited exposure of personal information within the subsidiary's environment. The organization committed to notifying potentially affected individuals in accordance with its data protection policies, emphasizing its prioritization of stakeholder privacy.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 1, 2023, Xerox Corporation publicly disclosed a cybersecurity incident impacting its subsidiary Xerox Business Solutions (XBS). The company confirmed that the security event was detected and subsequently contained by its internal cybersecurity personnel. Xerox emphasized that the incident remained isolated to the XBS IT environment, with no observed impact on corporate systems, broader Xerox operations, or Xerox-owned data. XBS operations also continued without disruption throughout the event. Following containment, Xerox engaged third-party cybersecurity experts to conduct a comprehensive investigation into the nature and scope of the breach. This investigation remains active as of the statement's release date.
Preliminary findings from the ongoing investigation indicated that unauthorized access to the XBS environment may have compromised a limited amount of personal information. Xerox did not specify the exact type of personal data involved, the number of affected individuals, or the methods used by the threat actor. The company reiterated its commitment to notifying all affected individuals in accordance with its internal policies and standard operating procedures, though no timeline for notifications was provided. Xerox stated that data privacy and protection for clients, partners, and employees were its highest priority and confirmed that steps were being taken to further secure the XBS IT infrastructure beyond the initial containment measures. No additional subsidiaries, business units, or customer systems outside of XBS were implicated in the incident.