
The cybercriminals who breached Citrix's network for nearly five months may have accessed and removed Social Security numbers and financial information for current and ex-employees.
The Santa Clara, Calif.-based software company said that, in limited cases, the adversaries might have also captured the names, Social Security numbers and financial data for the beneficiaries and dependents of Citrix employees, according to a breach notice filed this week with the California Attorney General's office.
"We deeply regret that this incident occurred and take the security of employee information seriously," Peter Lefkowitz, Citrix's chief privacy and digital risk officer, wrote in the notice.
Citrix believes the cybercriminals had intermittent access to the company's network between Oct. 13, 2018, and March 8, 2019. In the weeks following the discovery of the breach, Citrix said it and outside security experts took measures to expel the bad actors from its systems and prevent future cybercriminals from entering the network through a similar mechanism.
The FBI first informed Citrix March 6 that it had reason to believe that international cybercriminals had gained access to Citrix's internal network. The company's forensic security experts subsequently confirmed that the malicious actors had removed files from Citrix's internal systems that included information about current and former employees, as well as certain beneficiaries and dependents.
Citrix first disclosed the hack in a March 8 blog post by Chief Security and Information Officer Stan Black. The company hasn't indicated how many individuals were affected by the breach, and didn't immediately respond to a request for additional comment.
Company employees will be allowed to enroll in Equifax ID Patrol -- a complimentary one-year credit monitoring, dark web monitoring, and identity restoration service -- in countries where it is available, Citrix said. Where possible, Citrix said Equifax benefits will also be made available to beneficiaries and dependents who had their information compromised as part of the breach.
Following receipt of the information from the FBI, Citrix said it immediately launched an investigation, engaged leading cybersecurity firms for assistance, and cooperated with law enforcement in connection with their own investigation into the cybercriminals. Citrix is monitoring for signs of further activity, but to date hasn't found any indication that the security of any Citrix product or service was compromised.
"We have taken steps to address issues that could have contributed to this situation, and we are invested in resources and technology to improve our internal security going forward," Citrix wrote in an employee FAQ filed as part of the breach notice.
The threat actors likely entered Citrix's network via password spraying, according to an April 4 blog post by Eric Armstrong, the company's vice president of corporate communications. In password spraying, the threat actor seeks to access as many accounts as possible by attempting login with the most commonly used passwords.
In addition to expelling the threat actors from Citrix's systems, Armstrong said the company performed a forced password reset throughout its corporate network and improved internal password management protocols. The investigation is a complex and dynamic process, Armstrong said, and is still ongoing.
"It is difficult to predict how long an investigation like this will take," Armstrong said. "We are going to continue to follow all indicators of suspicious activity to ensure we have thoroughly addressed the incident."
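An added example, not part of the original article and not Citrix's own tooling: a small detector for the password-spraying pattern described above, where one source fails against many accounts with only a few tries each, unlike a brute-force run against a single account. The log format, thresholds, sample events and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): "ISO-time source user result".
SAMPLE_LOG = """\
2024-01-07T09:00:01 203.0.113.7 alice FAIL
2024-01-07T09:00:40 203.0.113.7 bob FAIL
2024-01-07T09:01:15 203.0.113.7 carol FAIL
2024-01-07T09:02:02 203.0.113.7 dave FAIL
2024-01-07T09:02:50 203.0.113.7 erin OK
2024-01-07T09:03:10 198.51.100.4 frank FAIL
2024-01-07T09:03:12 198.51.100.4 frank FAIL
2024-01-07T09:03:15 198.51.100.4 frank FAIL
2024-01-07T09:03:19 198.51.100.4 frank FAIL
2024-01-07T09:03:30 198.51.100.4 frank OK
"""

def parse(log):
    """Yield (time, source, user, result) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, user, result = parts
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=30), min_users=4, max_per_user=2):
    """Flag sources that fail against >= min_users accounts inside one window
    while trying each account at most max_per_user times (hypothetical thresholds)."""
    by_src = defaultdict(list)
    for ev in parse(log):
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, *_rest) in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, _, user, result in in_win:
                if result == "FAIL":
                    fails[user] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                # Successful logins from a spraying source need review first.
                hits = sorted({e[2] for e in in_win if e[3] == "OK"})
                alerts[src] = {"targets": sorted(fails), "logins_to_review": hits}
                break
    return alerts

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The repeated failures against `frank` are not flagged because they hit one account many times; that pattern is what per-account lockout already catches, while the spread-out failures from the first source stay under a typical lockout threshold.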