Citizens Financial Group Investigates Third-Party Data Breach Amid Ransomware Claims
Citizens Financial Group confirmed on April 21 that it is addressing a data security incident involving a third-party vendor, though the bank insists its own systems remain uncompromised. According to the statement, most of the exposed data consisted of masked test records, with only a limited set of customer information affected. The bank reported no disruption to operations and no evidence of unauthorized access to its internal network.
The incident coincides with claims from the Everest ransomware group, which has listed Citizens as a victim and alleged possession of millions of records. Cybersecurity researchers, citing a report by Cybernews, note that the threat actors have shared sample data and set a deadline for negotiations, a common extortion tactic. The purported dataset may include personal details such as names, addresses, and account-related information, though the full scope and accuracy of these claims remain unverified.
Citizens Financial Group has heightened monitoring efforts and is notifying impacted individuals, emphasizing its commitment to data protection. The bank has not confirmed whether the ransomware group’s claims directly correlate with the third-party breach.
Citizens cybersecurity rating report: https://www.rankiteo.com/company/citizens-bank
"id": "CIT1776883843",
"linkid": "citizens-bank",
"type": "Ransomware",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Limited set of customers',
                        'industry': 'Financial Services',
                        'name': 'Citizens Financial Group',
                        'type': 'Bank'}],
 'attack_vector': 'Third-party vendor compromise',
 'customer_advisories': 'Notifying impacted individuals',
 'data_breach': {'data_exfiltration': 'Alleged by ransomware group',
                 'number_of_records_exposed': 'Millions (claimed by ransomware '
                                              'group, unverified)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Moderate to High (PII, '
                                        'account-related information)',
                 'type_of_data_compromised': 'Masked test records, personal '
                                             'details (names, addresses, '
                                             'account-related information)'},
 'date_publicly_disclosed': '2024-04-21',
 'description': 'Citizens Financial Group confirmed a data security incident '
                'involving a third-party vendor, with most exposed data being '
                'masked test records. The bank reported no disruption to '
                'operations and no evidence of unauthorized access to its '
                'internal network. The incident coincides with claims from the '
                'Everest ransomware group, which alleged possession of '
                'millions of records, including personal details such as '
                'names, addresses, and account-related information.',
 'impact': {'data_compromised': 'Masked test records, limited customer '
                                'information (names, addresses, '
                                'account-related information)',
            'downtime': 'None',
            'identity_theft_risk': 'Potential',
            'operational_impact': 'None',
            'payment_information_risk': 'Potential',
            'systems_affected': 'Third-party vendor systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion',
 'ransomware': {'data_exfiltration': 'Alleged', 'ransomware_strain': 'Everest'},
 'references': [{'source': 'Cybernews'}],
 'response': {'communication_strategy': 'Notifying impacted individuals, '
                                        'public statement',
              'enhanced_monitoring': 'Heightened monitoring efforts'},
 'threat_actor': 'Everest ransomware group',
 'title': 'Citizens Financial Group Third-Party Data Breach Amid Ransomware '
          'Claims',
 'type': 'Data Breach, Ransomware'}