A new story about Citrix Systems proves that no one is safe from hackers and digital con artists.
One would think that a software company known for networking, software as a service (SaaS), and cloud computing would be super vigilant. But it appears that no person or company is immune. Citrix has confirmed that hackers were roaming through its networks for five months between 2018 and 2019, grabbing the financial and personal data of Citrix employees, contractors, and even interns and dependents of employees.
The company says the hackers may have also made off with Social Security Numbers, other tax ID numbers, driver’s license numbers, financial account numbers, payment card numbers, passport numbers, and health claims information like provider names and dates of service.
It took Citrix almost a year to come clean about the intrusion. In a February 10, 2020 letter to those who may have been affected, Citrix divulged that the attackers “had intermittent access” to Citrix’s internal network between Oct. 13, 2018 and Mar. 8, 2019. However, it stated there was zero evidence that hackers remained in the company’s systems.
Why a letter? Citrix’s letter was prompted by laws in virtually all U.S. states that require companies to notify affected consumers of any incident that may have compromised their personal data. Plus, the Federal Trade Commission (FTC) has an additional breach notification rule for any business that collects health-related information.
Rewinding to March 2019, Krebs on Security reports that the Federal Bureau of Investigation (FBI) alerted Citrix about the potential incursion, saying that the hackers probably got into Citrix’s networks using a technique called “password spraying.”
Password spraying is an attack technique that tries a few commonly used passwords, such as “Password1,” against a large list of usernames. The technique is used because it allows the hacker to remain hidden and avoid account lockouts.
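Because spraying spreads a handful of guesses across many accounts, per-account lockout counters never trip, but the pattern is visible when failed logins are grouped by source instead of by account. The following Python is an added example, not from the original article or from Citrix; the log format, thresholds, and function names are assumptions, and the sample log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-01-01T09:00:00 203.0.113.7 alice FAIL
2024-01-01T09:02:00 203.0.113.7 bob FAIL
2024-01-01T09:04:00 203.0.113.7 carol FAIL
2024-01-01T09:06:00 203.0.113.7 dave FAIL
2024-01-01T09:08:00 203.0.113.7 erin FAIL
2024-01-01T09:10:00 203.0.113.7 frank OK
2024-01-01T09:03:00 192.0.2.10 bob FAIL
2024-01-01T09:03:30 192.0.2.10 bob OK
""".splitlines()
# One source hammering a single account: ordinary brute force, which a
# per-account lockout policy already catches, so it is not reported as a spray.
SAMPLE_LOG += [f"2024-01-01T09:0{m}:00 198.51.100.9 alice FAIL" for m in range(1, 7)]


def parse(line):
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts), src, user, outcome


def detect_spray(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Map each suspicious source to the accounts it targeted.

    A source is flagged when, inside one time window, its failed logins cover
    at least `min_users` distinct accounts while no account sees more than
    `max_per_user` failures (i.e. it stays under a typical lockout threshold).
    """
    failures = defaultdict(list)
    for ts, src, user, outcome in map(parse, lines):
        if outcome == "FAIL":
            failures[src].append((ts, user))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Count failures per account in the window opening at this event.
            per_user = Counter(u for ts, u in events[i:] if ts - start <= window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = sorted(per_user)
                break
    return flagged


if __name__ == "__main__":
    for src, users in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {src}: {len(users)} accounts {users}")
```

The window has to be wide enough for the rate being used: with the same sample data and a five-minute window, the spraying source is no longer flagged.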