In December, 2018, Citrix forced a password reset for some of its clients due to what appeared to be a credential stuffing attack against ShareFile. But did some customers first find out about it March? On April 16, external counsel for LD Evans, CPA provided notification that began;
On March 4, 2019, LD Evans learned from Citrix that individuals’ personal information may have been obtained by an unknown, unauthorized third party as the result of a security issue related to its use of Citrix ShareFile, a third-party filesharing service. LD Evans took immediate action to enhance security protocols and confirm that the issue could not lead to further unauthorized access.
LD Evans also conducted an internal investigation, which determined that an unknown, unauthorized third party could have gained access to individuals’ personal information stored within its Citrix ShareFile environment, including the names, addresses, dates of birth, Social Security numbers and bank account information of affected individuals.
Approximately 631 California residents were affected in this potential incident. The total number of LD Evans clients was not disclosed.
Update: this post was corrected post-publication because I had erroneously linked to a subsequent Citrix issue involving their internal network instead of the ShareFile incident. Thanks to the alert reader who questioned my connection between the events.
I’m a bit confused by the timing here. Supposedly the FBI notified Citrix of the breach on March 8, so how did Citrix notify customers on March 4? Possibility this is related to the mass ShareFile password reset in December?
Great catch on your part. You’re right, if this was ShareFile, then it was that incident and not the internal network incident disclosed in December. But it’s curious that the CPA firm was first notified in March, 2019 of the ShareFile concern/incident. I’ve corrected my post, thanks to your sharp eyes.