Ransomware victim disclosure
← All victimsExela Technologies
Claimed by Hive · listed 4 years ago
Status timeline
- ListedJul 13, 2022
- Data leakeddate unknown
At a glance
- Group
- Hive
- Status
- Data leaked
- Country
- United States
- Sector
- Information Technology
- Listed on leak site
- Jul 13, 2022
About the victim
AI dossier — public-source company profileExela Technologies (operating globally under the XBP Global brand) is a workflow automation and business process outsourcing company serving over 2,500 clients across 20 countries with approximately 10,600 employees. The company provides services including document digitisation, enterprise information management, output management, intelligent document processing, and revenue cycle management. It has served over 60 Fortune 100 clients and operates more than 85 delivery centres and 400 managed facilities worldwide.
- Industry
- Business Process Outsourcing & Workflow Automation
- Employees
- 10600
Attack summary
Severity: critical — Exela Technologies handles large-scale regulated data including healthcare revenue cycle management, financial and accounting outsourcing, and document processing for over 2,500 global clients including Fortune 100 companies; data_published status confirms exfiltration and public release of potentially highly sensitive PII, medical, and financial data at significant scale.The Hive ransomware group claimed an attack against Exela Technologies and the disclosure status is marked as data_published, indicating that exfiltrated data was published. No specific details about the volume of data, encryption activity, or nature of published files were captured in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Business process data
- Client records
- Enterprise document archives
- Financial and accounting records
- Healthcare revenue cycle data
- Employee information
Sources
- Victim siteexelatech.com
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

