Citrix Agrees to $2.3 Million Settlement Over Employee Data Hack

June 4, 2020, 7:22 PM

Citrix Systems Inc. agreed to settle for nearly $2.3 million a class action alleging it was at fault for hackers stealing the information of more than 24,000 current and former employees.

Citrix would pay for credit monitoring services and up to $15,000 per class member for breach-related expenses, among other things, according to the June 2 proposed settlement in the U.S. District Court for the Southern District of Florida.

The agreement shows how companies can be on the hook when international cyber criminals breach their networks. The FBI told Citrix in March 2019 the hackers likely gained access by exploiting weak passwords, according to the settlement.

Citrix didn’t immediately respond to a request for comment.

The agreement directs the software firm to boost cybersecurity training and reinforce data protections. The settlement still needs court approval.

Employees sued Citrix in three cases later consolidated to one, alleging the company was negligent for the theft of information that included their names and Social Security and bank account numbers, according to the settlement.

The case is Jackson et al v. Citrix Systems Inc., S.D. Fla., No. 0:19-cv-61350, 6/2/20.

To contact the reporter on this story: Andrea Vittorio in Washington at avittorio@bloomberglaw.com

To contact the editors responsible for this story: Keith Perine at kperine@bloomberglaw.com; John Hughes at jhughes@bloomberglaw.com

To read more articles log in. To learn more about a subscription click here.