Citi Trends Ransomware Attack by Hunters Group
Incident Date:
April 3, 2024
Overview
Title
Citi Trends Ransomware Attack by Hunters Group
Victim
Citi Trends, Inc.
Attacker
Hunters International
Location
First Reported
April 3, 2024
Citi Trends, Inc. Suffers Ransomware Attack by Hunters Group
Overview
Citi Trends, Inc., a clothing retailer with over 600 stores across 33 states, has been targeted by the ransomware group Hunters. The attack was announced on the dark web leak site of the group, and the victim's website is cititrends.com. The company, which operates in the retail sector, has been in business since 1946 and employs more than 3,000 people, generating approximately $914 million in annual revenue.
Previous Cybersecurity Challenges
The ransomware attack on Citi Trends is not the first time the company has faced cybersecurity challenges. In January 2023, an unauthorized party gained access to the company's computer network, exfiltrating files containing private employee data. The data breach affected current, former, and prospective employees, compromising their full names, Social Security numbers, dates of birth, bank or financial account information, and routing numbers.
The company's response to the data breach included sending out data breach letters to affected individuals and offering 12 months of identity monitoring services. However, the lawsuit filed against Citi Trends argues that these measures are inadequate in the face of the lifelong threat of identity theft and fraud.
Security Vulnerabilities
Citi Trends' vulnerabilities in being targeted by threat actors include the storage of sensitive employee data unencrypted and unredacted in its network. The company's failure to implement adequate cybersecurity measures to safeguard this information has led to the data breach and subsequent ransomware attack.
Hunters Ransomware Group
The Hunters ransomware group is known for its attacks on various industries, including retail. The group's targeting of Citi Trends highlights the need for companies to strengthen their cybersecurity defenses to protect against such threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.