Citrix confirmed hackers had access to its network for five months

Pierluigi Paganini May 02, 2019

Citrix confirmed that the hackers who breached its network stole sensitive personal information of both former and current employees for about six months.

In March, the American multinational software company Citrix disclosed a security breach; according to the firm, an international cyber criminal gang gained access to its internal network. Experts at cybersecurity firm Resecurity attributed the attack to Iranian threat actors.

Hackers were able to steal business documents, but the company's products and services were not impacted by the attack.

Citrix discovered the intrusion after being notified by the FBI on March 6, 2019. The company announced that it had secured its network and hired a forensic firm to assist with a forensic investigation of the incident.

Now the software giant has provided more details about the data breach and confirmed that hackers had access to its network for roughly five months.

This week Citrix submitted a notice of data breach to the California Office of the Attorney General explaining that attackers had intermittent access to its network between October 13, 2018, and March 8, 2019.

The attackers exfiltrated files from company systems, some of which stored information on current and former employees. Exposed data includes names, social security numbers, and financial information.

“We currently believe that the cyber criminals had intermittent access to our network between October 13, 2018 and March 8, 2019 and that they removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents.” reads the notice of data breach sent by Citrix.


At the time of writing it is still unclear how many people have been impacted by the data breach.

California's Civil Code 1798.82(a) obliges companies to report data breaches to the state's Attorney General if more than 500 California residents are impacted. This implies that even though Citrix did not provide the total number of affected employees in the notice, at least 500 state residents are affected.

The company is notifying all potentially impacted individuals and providing them with free credit monitoring and fraud protection services.

“Additionally, and as a precaution, we have arranged for you, at your option, to enroll in Equifax ID Patrol, a complimentary one-year credit monitoring, dark web monitoring, and identity restoration service.” continues the notice.

In early April, Citrix revealed that hackers likely breached its network via password spraying, a technique in which attackers attempt to access accounts using commonly used passwords.

“We identified password spraying, a technique that exploits weak passwords, as the likely method by which the threat actors entered our network.” reads a blog post published by Citrix.
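As an added example (not from Citrix or the original article), the following detection logic looks for the pattern described above: one source failing against many distinct accounts with only a few tries each. The log format, thresholds, addresses and account names are constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): "time source_ip username result"
SAMPLE_LOG = """\
2019-01-01T09:00:05 198.51.100.7 alice FAIL
2019-01-01T09:01:10 198.51.100.7 bob FAIL
2019-01-01T09:02:15 198.51.100.7 carol FAIL
2019-01-01T09:03:20 198.51.100.7 dave FAIL
2019-01-01T09:04:25 198.51.100.7 erin FAIL
2019-01-01T09:05:30 198.51.100.7 frank OK
2019-01-01T09:10:00 203.0.113.9 admin FAIL
2019-01-01T09:10:02 203.0.113.9 admin FAIL
2019-01-01T09:10:04 203.0.113.9 admin FAIL
2019-01-01T09:10:06 203.0.113.9 admin FAIL
2019-01-01T09:10:08 203.0.113.9 admin FAIL
2019-01-01T09:20:00 192.0.2.10 grace FAIL
2019-01-01T09:20:30 192.0.2.10 grace OK
"""

def parse(log):
    """Yield (time, source, user, result) tuples from the constructed format."""
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources whose failures in one window span many accounts, few tries each."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, user))
        else:
            oks[src].add(user)
    report = {}
    for src, items in fails.items():
        items.sort()
        start = 0
        for end, (ts, _) in enumerate(items):
            while ts - items[start][0] > window:  # slide the window forward
                start += 1
            tries = Counter(user for _, user in items[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                # "logged_in": accounts the same source also authenticated to
                entry = report.setdefault(src, {"targets": set(), "logged_in": oks[src]})
                entry["targets"].update(tries)
    return report
```

Any account listed under `logged_in` for a flagged source is a candidate for immediate credential reset and session review; the repeated failures against a single account from 203.0.113.9 are a different pattern and are deliberately not flagged by this check.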


(SecurityAffairs – Citrix, data breach)
