Citrix: No breach, hacker stole business info from third party


Citrix has published an official statement denying allegations that the company’s network was breached by a malicious actor who also claims to have stolen customer information.

The actor is now selling what he claims to be a database with information on 2,000,000 Citrix customers on the dark web, with a price tag of 2.15 bitcoins (roughly $19,700).

“As recently as today, there are reports of Citrix data for sale on the dark web,” Citrix’s CISO Fermin J. Serna says. “Many of these reports today erroneously imply a Citrix compromise.”

Hacker compromised the network of a third party

Serna added that “a threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack.”

However, while investigating these claims, Citrix found no evidence of network compromise and instead discovered that the threat actor stole data from the breached network of a third party.

“This third party has been cooperative and responsive to our questions and direction, and has taken immediate action to isolate from the internet any Citrix related data they may have,” Serna explains.

“Once that action was complete, the author of the threat intelligence report reported that the threat actor’s unauthorized access was terminated.”

No Citrix customer credentials were stolen

The third party whose systems were compromised to steal Citrix data has now started its own investigation and is taking remediation measures, keeping Citrix up to date with any findings.

As Serna further explains, the third party’s breach doesn’t equate to Citrix’s network being compromised or customer credentials having been stolen:

  • A compromise of this third party’s network does not provide a means into the Citrix network, or a vector for a ransomware attack against Citrix.
  • This third party does not possess Citrix source code, highly sensitive intellectual property, or passwords, or other credential information.
  • The third party is only in possession of low sensitivity business contact information.

This is not the first time Citrix data has been stolen in a data breach: the company learned from the FBI in March 2019 that threat actors were able to gain and maintain access to its networks between October 13, 2018, and March 8, 2019, after hacking their way in using password spraying.

During that time, the hackers were able to exfiltrate sensitive personal info of both current and former employees including names, Social Security numbers, and financial information.

In May 2019, an ex-employee of Citrix filed a class action complaint about damages suffered following the company’s security breach.


The information is gathered from Bleeping Computer.