Cyber Incident Victim: Xchanging
Date:
Jul 2020
Location:
United States of America
Summary
A ransomware attack targeted systems of a global IT services provider's subsidiary specializing in managed services for insurance and other industries, impacting multiple clients by denying access to their operating environments. The incident was contained within the subsidiary's network, with no evidence of data compromise or loss found during initial investigations; remediation efforts restored services for nearly all affected customers, while the company collaborated with law enforcement and authorities. The specific ransomware variant remained unidentified, and no threat actor claimed responsibility for the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 5, 2020, DXC Technology disclosed a ransomware attack targeting systems operated by its subsidiary Xchanging, a managed service provider (MSP) primarily serving insurance industry clients alongside customers in financial services, aerospace and defense, automotive, education, consumer packaged goods, healthcare, and manufacturing sectors. The company detected the intrusion within Xchanging's network but did not specify the exact timeline of initial discovery. DXC Technology filed an 8-K form with the U.S. Securities and Exchange Commission confirming the incident’s containment within Xchanging’s infrastructure, with no evidence of lateral movement into broader corporate systems or external customer networks. Initial investigations found no indications of data exfiltration or compromise, though the ransomware’s encryption functionality disrupted access to operational environments for an undisclosed number of Xchanging clients. The attack impaired these customers’ ability to access their managed services, prompting immediate containment and remediation measures by DXC’s response teams.
DXC Technology prioritized service restoration for affected clients, with remediation work initially focused on a limited subset of customers. A company spokesperson stated that nearly all impacted clients had services restored shortly after the disclosure, emphasizing that the incident involved only a "subset" of Xchanging’s business operations. While the financial impact from disrupted services was deemed immaterial to DXC’s overall revenue, the company engaged law enforcement and regulatory authorities to support the ongoing investigation, contributing to the limited public details regarding attack vectors or ransomware variants. No threat actor claimed responsibility for the intrusion, and DXC maintained throughout its communications that customer data remained uncompromised despite operational disruptions. The incident underscored the systemic risks posed by ransomware attacks targeting managed service providers, given their potential to cascade disruptions across multiple client organizations simultaneously.