Cyber Incident Victim: DXC Technology

On July 5, 2020, DXC Technology disclosed a ransomware attack targeting systems operated by its subsidiary Xchanging, a managed service provider (MSP) primarily serving insurance industry clients alongside customers in financial services, aerospace and defense, automotive, education, consumer packaged goods, healthcare, and manufacturing sectors. The company detected the intrusion within the Xchanging network and promptly initiated containment procedures, asserting the incident did not propagate beyond Xchanging’s infrastructure. DXC Technology filed an 8-K form with the U.S. Securities and Exchange Commission confirming the attack but reported no evidence of data exfiltration or compromise during preliminary investigations. An unspecified number of customers experienced operational disruption, losing access to their managed service environments. Remediation efforts commenced immediately, with DXC prioritizing service restoration while maintaining that compromised customer data remained secure.

DXC Technology engaged law enforcement and relevant authorities to investigate the ransomware incident, though no threat actor claimed responsibility and the malware variant remained unidentified. The company’s spokesperson emphasized the attack’s isolation to a limited segment of Xchanging’s operations, noting most affected customers had already regained service access by the time of public disclosure. While DXC characterized the financial impact as immaterial to its overall revenue, it acknowledged the seriousness of the breach and continued restoration work for a small residual group of clients. Internal and external forensic analyses found no indication of data loss or lateral movement beyond Xchanging’s systems, though the exact timeline of initial compromise detection remained undisclosed. Ongoing remediation focused on full operational recovery without disclosing technical specifics of containment measures or ransom demands.