Citi Trends Ransomware Attack by Hunters Group

Incident Date:

April 3, 2024

World map



Citi Trends Ransomware Attack by Hunters Group


Citi Trends, Inc.


Hunters International


Savannah, USA

Georgia, USA

First Reported

April 3, 2024

Citi Trends, Inc. Suffers Ransomware Attack by Hunters Group


Citi Trends, Inc., a clothing retailer with over 600 stores across 33 states, has been targeted by the ransomware group Hunters. The attack was announced on the dark web leak site of the group, and the victim's website is The company, which operates in the retail sector, has been in business since 1946 and employs more than 3,000 people, generating approximately $914 million in annual revenue.

Previous Cybersecurity Challenges

The ransomware attack on Citi Trends is not the first time the company has faced cybersecurity challenges. In January 2023, an unauthorized party gained access to the company's computer network, exfiltrating files containing private employee data. The data breach affected current, former, and prospective employees, compromising their full names, Social Security numbers, dates of birth, bank or financial account information, and routing numbers.

The company's response to the data breach included sending out data breach letters to affected individuals and offering 12 months of identity monitoring services. However, the lawsuit filed against Citi Trends argues that these measures are inadequate in the face of the lifelong threat of identity theft and fraud.

Security Vulnerabilities

Citi Trends' vulnerabilities in being targeted by threat actors include the storage of sensitive employee data unencrypted and unredacted in its network. The company's failure to implement adequate cybersecurity measures to safeguard this information has led to the data breach and subsequent ransomware attack.

Hunters Ransomware Group

The Hunters ransomware group is known for its attacks on various industries, including retail. The group's targeting of Citi Trends highlights the need for companies to strengthen their cybersecurity defenses to protect against such threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.