On July 5th, IT provider, DXC Technology released a statement regarding their recent ransomware attack. The attack occurred in their subsidiary company, Xchanging. 

Before we get started on the ransomware attack, let’s look into the companies in question. 


DXC and Xchanging

To begin, DXC Technology is a multinational IT service and solution provider. 


DXC Technology helps our customers across the entire Enterprise Technology Stack with differentiated industry solutions. We modernize IT, optimize data architectures, and make everything secure, scalable and orchestrated across public, private and hybrid clouds. (Via DCX Tech Company Overview).


Overall, a tech company, providing IT services. Further, their subsidiary, Xchanging, is a similar company, mainly focusing on customers in the insurance field. 


Xchanging is a provider of technology-enabled business processing, technology and procurement services internationally to customers across many industry sectors. (Via Xchanging About Us).


Nonetheless, the link is apparent as to why one acquired the other. But, when Xchanging faced the ransomware attack, DXC Tech notified clients and filed with the U.S. Securities and Exchange Commission.


The Attack

Now that some background has been established, let’s take a look at the attack that occurred last week. 

When DXC Tech filed with the SEC about the attack, that is when the news of the attack became apparent. DXC released a statement saying they feel confident that the attack did not spread beyond the Xchanging network. 

In the statement the company released, they continue to assure the public that they believe none of the information accessed became compromised. 

Further, this does not mean that any customers weren’t affected


 DXC is actively working with affected customers to restore access to their operating environment as quickly as possible.. 


The statement from the company is rather short, but does cover the main points.


Next Steps

Now, what does all this mean for both companies? Well, jumping back to the statement, there is mention of an investigation and cooperation with law enforcement in regard to the attack. 

Continuing, not much other information seemed to come out of the company notice. So, attackers, methods or any other components are still a mystery pending further investigation.

Will the company release more information? Only time will tell. CPG will keep you updated if they do, so make sure to check back every friday for more cyber attacks and stories!


By Taylor Ritchey