Citrix data breach was first disclosed in March this year and now the company has said that it believes the hackers stayed in its internal network for about 6 months. However, the company also said that they have expelled all the hackers from its network now.
The tech giant based in Florida was alerted by the FBI on March 6 and then launched an investigation, which is still going. A spokeswoman from the company said in a statement,
“Through an extensive investigation into the cyber intrusion announced in early March, Citrix and its outside forensic experts have discovered that international cybercriminals accessed files containing personal information related to some employees”.
Moreover, she said that the investigation was going on and that they are notifying all potentially impacted people providing them with free fraud protection services. Also, she said that there was no indication of any Citrix product or service compromised by the hackers.
CITRIX Submits Breach Notification to California’s Attorney General
CITRIX submitted a breach notification to the Attorney General approving that the cybercriminals had access to their network from October 13, 2018, to March 8, 2019. In the letter, the company accepted that their files were removed from their system which may have contained information about their current or previous employees, financial information and about beneficiaries and dependents as well.
However, the company declined to comment on the number of individuals affected by the breach. But it said that they will offer one year of prepaid enrollment in Equifax ID Patrol, which is used for credit monitoring, dark web monitoring, and identity restoration service.
Also Read: Slowest Revenue Growth in 3 Years: Google
Improvements Promised Amidst Security Problems
Citrix said that they are making improvements which will block such attacks to happen in the future. Moreover, the company said that they have taken steps to address issues that could have contributed to this situation. However, the company did not inform what type of changes they are making in its security framework.
How hard Citrix may take a stand now, it appears clear that the problem is a result of password spraying. At least the latest report suggests that the FBI reported the company that it looked as if the attackers had used password spraying to gain limited access to accounts.
Security experts define password spraying as the use of the commonly used password or its combinations to avoid detection. Username or email and previous password combinations lead to these leaks.
Meanwhile, the company has done a forced password in its entire network and improved internal password management protocols, says Eric Armstrong, Vice president of the company in his April 4, blog post.
Citrix clocked annual revenue of $3 Billion. The company’s services are used by more than 4, 00,000 organizations worldwide. With that being said, this is a major threat to its users and its security concerns will be higher than ever. It is a major setback to the company revenue, as we may see its shares go down further in the future.