Citrix data breach: hackers had access to the network for 6 months

Citrix Systems confirms data breach that took place back in 2018: criminals stole employee information

Citrix data breach exposed after six monthsPassword spraying technique involved in the data breach at Citrix that affected the company's employees. Technology company Citrix confirmed a data breach involving hackers who accessed and possibly removed files from the company's system.[1] According to the official letter Notice of Data Breach,[2] intermittent access to the network continued from October 13, 2018 to March 8, 2019. The letter sent to the California Attorney-General confirmed the cybercriminal attack which was first detected by FBI.

The company was informed about the data breach by the FBI on March 6th, as the Chief Security Information Officer of Citrix, Stan Black stated in his report.[3] Specific data that was accessed included files with information about the current and former employees. Also, some of them may consist of data about beneficiaries or dependents.

Later, on April 4th, Eric Armstrong, Vice President of Corporate Communications at Citrix wrote an update[4] that informed about the specific techniques discovered during the investigation:

We identified password spraying, a technique that exploits weak passwords, as the likely method by which the threat actors entered our network.

The stolen information may include Social Security numbers and financial information

The investigation held by Citrix has not concluded any details about the specific data stolen or accessed in this data breach or the number of affected employees. However, the gathered investigation data shows that affected files may have included financial information and social security numbers of the employees. Citrix confirms that notices of this incident were sent to the most recent home addresses of both current and former employees.

In the more latter update, Citrix informed that they have taken needed measures and eliminated hacker from the system. Also, the password reset was performed, and improved internal password management protocols applied. The company informs that, according to their investigation no vulnerabilities or security issues were exploited and that no Citric product or service was compromised by these undisclosed criminals.

Various researchers tried to get the exact number of affected people, but the company didn't answer those requests. However, based on California law, the authorities must be informed about an incident like this, when more than 500 state residents are involved. Based on the company's official Proxy statement they had more than 7 000 employees back in December 2017.[5]

Not much information confirmed while an investigation is still ongoing

Back in March, the Iranian hacker group named IRIDIUM was linked to this particular data breach at technology company Citrix.[6] Security firm claimed that this group was behind the breach, but the company itself haven't confirmed this fact nor information regarding the affected data.

It is believed that the company cannot confirm nor deny that data breach affected people's sensitive details. Also, according to the official reports, the investigation is still ongoing, and Citrix cannot provide any updates on the incident in the meantime.

We will continue to provide updates on the incident as we learn more credible and actionable information with the understanding that it is difficult to predict how long an investigation like this will take. We are going to continue to follow all indicators of suspicious activity to ensure we have thoroughly addressed this incident.

Armstrong indicates particular information that should teach customers how to help them protect their systems. The website published a few articles regarding the best practices to follow like multi-factor authentication and building secure environments to help customers improve the security of their networks.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions