Hackers gained access to technology giant Citrix networks six months before they were discovered, the company has confirmed.In a letter to California attorney general, the virtualization and security software maker said the hackers had &intermittent access& to its internal network from October 13, 2018 until March 8, 2019, two days after the FBI alerted the company to the breach.Citrix said the hackers &removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents.&Initially the company said hackers stole business documents.
Now it saying the stolen information may have included names, Social Security numbers and financial information.Citrix said in a later update on April 4 that the attack was likely a result of password spraying, which attackers use to breach accounts by brute-forcing from a list of commonly used passwords that aren&t protected with two-factor authentication.We asked Citrix how many staff were sent data-breach notification letters, but a spokesperson did not immediately comment.Under California law, the authorities must be informed of a breach if more than 500 state residents are involved.Read more:A leaky database of SMS text messages exposed password resets and two-factor codesChipotle customers are saying their accounts have been hackedWe found a massive spam operation — and sunk its serverDow Jones& watchlist of 2.4 million high-risk individuals has leakedStop saying, ‘We take your privacy and security seriously&Robocaller firm Stratics Networks exposed millions of call recordingsMassive mortgage and loan data leak gets worse as original documents also exposed