Xerox Among Several Major Firms Hit by Massive Data Breach Exposing 760,000 Employee Records

Over 760,000 employee records from several high-profile companies, including Xerox, were exposed online this week after a hacker posted the sensitive data on a popular cybercrime forum. The leak is believed to be part of the fallout from last year’s MOVEit hack, a large-scale breach involving a vulnerability in Progress Software’s file transfer tool.
The breach, attributed to the Russia-linked Cl0p ransomware group, impacted nearly 2,800 organizations and affected the personal data of around 100 million individuals. The newly leaked data was shared on BreachForums by a hacker known as Nam3l3ss, who has previously been associated with data dumps tied to the MOVEit attack.
The stolen records primarily belong to employees of companies such as Bank of America, Koch Industries, Nokia, JLL, Xerox, Morgan Stanley, and Bridgewater. The data includes sensitive details such as names, email addresses, phone numbers, work IDs, job titles, and the names of managers. For Xerox, the breach exposed the personal information of 42,735 individuals.
Cybersecurity experts, including those from Atlas Privacy’s DataBreach service, believe the data was extracted from the massive trove of information exfiltrated during the MOVEit hack. “We believe the data originates from the Cl0p ransomware group, who are known for using vulnerabilities like MOVEit to steal and publish sensitive information as part of their extortion efforts,” explained Atlas Privacy co-founder Tsachi Ganot. “It’s likely Nam3l3ss repackaged the data for broader dissemination.”
The leak provides a detailed organizational map, making it a valuable resource for threat actors engaging in social engineering attacks. In addition to the core employee data, some breaches also contain supplementary documents, though in this case, such records appear to be limited.
The Xerox breach, which exposed the information of tens of thousands of current and former employees, underscores the growing risks associated with file transfer vulnerabilities and highlights the ongoing threat posed by the Cl0p group.