Bank says operations unaffected as hackers claim millions of records in alleged breach
Citizens Financial Group said it is dealing with a data security incident tied to a third-party provider, even as a ransomware gang claims to have accessed millions of records linked to the bank.
In a statement released April 21, the bank said, “We have been managing an incident involving data extracted from a third party vendor.” It added that “most of this was masked test data, although a limited set of information for a small number of customers was involved.”
The company emphasized there is no indication its own systems were compromised, noting “there is no evidence of unauthorized access to the Citizens network, and our operations continue as normal.”
The disclosure comes as cybersecurity researchers report that the Everest ransomware group has listed Citizens among its latest alleged victims, claiming to hold a large dataset potentially affecting millions of individuals.
According to a report cited by Cybernews, the threat actors have posted sample data and issued a deadline before any broader release, a tactic commonly used to pressure organizations into negotiations.
The same report suggests the purported Citizens dataset may include personal details such as names, addresses and account-related information, though the scale and sensitivity of the data remain unverified.
Citizens said it has increased monitoring and is contacting affected individuals, adding that safeguarding client information remains a priority.
The situation remains fluid, with the bank’s statement indicating limited exposure while external claims point to a potentially broader incident.
