Citrix Confirms Hackers Stole Sensitive Employee Information

Exploit: Password spraying
St Ambrose Catholic Parish: Multinational software company providing application and software services

Risk to Small Business: 2.333 = Severe: Hackers took advantage of weak employee passwords and gained entrance to the company’s network via password spraying. Once inside, they were able to access internal documents and information on former and current employees for about six months. The bad actors were expelled from the network, and the company took measures to improve the company’s password security.

Individual Risk: 2.248 = Severe As part of an ongoing investigation, it was revealed that financial information and social security numbers of employees were at risk, in addition to internal business assets. Even worse, the company also disclosed that hackers were able to view personal information of employees’ beneficiaries and dependents. Current and former employees are encouraged to sign up for identity protection services to monitor their credentials.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Recovering from a data breach that not only compromises employee information but also that of their dependents and beneficiaries can be an arduous process. Employees lose trust and goodwill in their employer, and it becomes difficult for them to discern the long-term consequences once personal data is accessed. Therefore, proactively providing identity monitoring services can go a long way in demonstrating a commitment to employees while mitigating security risks for the company as a whole.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.