Citrix would pay for credit monitoring services and up to $15,000 per class member for breach-related expenses, among other things, according to the June 2 proposed settlement in the U.S. District Court for the Southern District of Florida.
The agreement shows how companies can be on the hook when international cyber criminals breach their networks. The FBI told Citrix in March 2019 the hackers likely gained access by exploiting weak passwords, according to the settlement.
Citrix didn’t immediately respond to a request for comment.
The agreement directs the software firm to boost cybersecurity training and reinforce data protections. The settlement still needs court approval.
Employees sued Citrix in three cases later consolidated to one, alleging the company was negligent for the theft of information that included their names and Social Security and bank account numbers, according to the settlement.
The case is Jackson et al v. Citrix Systems Inc., S.D. Fla., No. 0:19-cv-61350, 6/2/20.