Citi
Company Details
Linkedin ID:
citi
Website:
Employees number:
197,159
Number of followers:
4,906,842
NAICS:
52
Industry Type:
Homepage:
citigroup.com
IP Addresses:
0
Company ID:
CIT_3403627
Scan Status:
In-progress
Citi Company CyberSecurity Posture
citigroup.com
Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have over 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities. For information on Citi’s commitment to privacy, visit on.citi/privacy.
Citi A.I CyberSecurity Scoring
Citi Risk Score (AI oriented)Between 800 and 849
Citi
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Citi Global Score (TPRM)XXXX
Citi
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Citi Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Citi
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported a data breach involving Citi on March 28, 2013. The breach involved the accidental exposure of personally identifiable information due to an imperfect process used during a bankruptcy proceeding. The specific number of affected individuals and types of information compromised are unknown.
Citi
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The customers of Citibank are being targeted in a large-scale phishing campaign. The campaign features CitiBank logos and requestes the recipients to disclose sensitive personal details to lift alleged account holds. The customers are diverted to a website that looks exactly same as citybank portal and any credentials entered there would be compromised and can be misused.
Citi Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Citi
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Citi in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Citi in 2025.
Incident Types Citi vs Financial Services Industry Avg (This Year)
No incidents recorded for Citi in 2025.
Incident History — Citi (X = Date, Y = Severity)
Citi cyber incidents detection timeline including parent company and subsidiaries
Citi Company Subsidiaries
Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have over 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities. For information on Citi’s commitment to privacy, visit on.citi/privacy.
Loading...
Citi Similar Companies
Merrill Lynch
Founded in 1914, Merrill is one of the largest wealth management businesses in the world. Merrill financial advisors combine financial knowledge and experience with a deep understanding of their clients’ needs to help their clients pursue the lives they want. With a deep commitment to placing their
Indiabulls Group
Founded in the year 2000, the Indiabulls Group is one of the country’s leading business houses with interest across sectors like financial services, real estate, pharmaceutical and LED. Headquartered in Gurgaon, all the group companies are listed on the Bombay Stock Exchange, and the National Stock
Capital Group
Capital Group was established in 1931 in Los Angeles, California, and now has 31 offices around the globe. For over 90 years we've provided carefully researched investment solutions and services to financial professionals. *** We've been made aware of an employment scam fraudulently using Capital G
We’re a bank, but there’s more to it than that. When you join BMO, it opens a world of opportunities. This is a team that's committed to helping you succeed – personally and professionally. Because at BMO, when you grow, we grow. You know your worth and so do we. That’s why we offer the righ
Synchrony
At Synchrony, our driving force is to be essential to people's everyday lives by making it easier for the many millions of people who rely on us to access their essential needs and everyday wants with consumer financing that works for them – from their first credit card to a lifetime of flexibility.
Aegon
People are living longer, and we are excited about the possibilities this brings. We see longevity, aging, and changing life patterns as an opportunity for our customers, our employees, and society as a whole. And we want to support everyone in building the financial means to explore the possibiliti
Principal Financial Group
Principal Financial Group® is dedicated to improving the wealth and well-being of people and businesses around the world—helping more than 62M customers plan, protect, invest, and retire as of December 31, 2023. Along the way, we commit to supporting the communities where we do business. Improving o
Lars Larsen Group
Lars Larsen Group is owned by the Brunsborg family, descendants of JYSK founder Lars Larsen. The Group owns companies within a number of business areas including furniture, interior design, restaurants and hotels, and is also an active investor in equities, funds, and real estate. The Group is to t
BlackRock is a global asset manager and technology provider dedicated to helping more and more people experience financial well-being. We help millions of people invest to build savings that serve them throughout their lives. We always start with our clients’ needs and look to offer them more qua
.png)
Citi CyberSecurity News
November 25, 2025 09:39 AM
SitusAMC breach puts JPMorgan, Citi, and Morgan Stanley customer data at risk
Financial service provider SitusAMC has confirmed a recent data breach, prompting major US banks to assess potential exposure.
November 24, 2025 07:26 PM
Third-party hack may have spread to JPMorgan, Citi, and Morgan Stanley
A third-party attack on residential loan mortgage origination and collection company SitusAMC caused great concern because the company...
November 24, 2025 07:01 PM
SitusAMC Hack Exposes JPMorgan, Citigroup Customer Data in 2025 Breach
In the predawn hours of a routine November day in 2025, the digital fortifications of America's financial giants faced an invisible assault.
November 24, 2025 04:58 PM
C-Suite Cybersecurity Workshop 2025: Ghana's banking leaders unite against escalating cyber threats
In a landmark gathering at the Marriott Hotel, Ghana's banking executives, regulatory authorities, and cybersecurity experts convened for an...
November 24, 2025 01:02 PM
JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach
The breach underscores growing third-party cyber risks in financial services, with vendor-related incidents up 15% year-over-year.
November 24, 2025 08:37 AM
SitusAMC Cyberattack Exposes Major Bank Client Data, Possibly from JPMorgan Chase, Citi, and Morgan Stanley
A cyberattack on vendor SitusAMC has potentially exposed client data from JPMorgan Chase, Citi, and Morgan Stanley, prompting an FBI...
November 23, 2025 11:20 PM
JPMorgan and Citi Face Potential Data Exposure from SitusAMC Hack
The SitusAMC hack puts major Wall Street banks at risk, highlighting vulnerabilities in their cybersecurity measures against real-estate...
November 23, 2025 10:16 AM
Mortgage Data Breach Hits JPMorgan, Citi and Morgan Stanley After Large-Scale Vendor Cyberattack
A recent cyberattack on New York-based real estate services firm SitusAMC may have compromised sensitive client and internal data of major...
November 23, 2025 04:30 AM
JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack, NYT reports
A technology vendor for real-estate lenders said it was the target of a cyberattack.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Citi CyberSecurity History Information
Official Website of Citi
The official website of Citi is http://www.citigroup.com.
Citi’s AI-Generated Cybersecurity Score
According to Rankiteo, Citi’s AI-generated cybersecurity score is 830, reflecting their Good security posture.
How many security badges does Citi’ have ?
According to Rankiteo, Citi currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Citi have SOC 2 Type 1 certification ?
According to Rankiteo, Citi is not certified under SOC 2 Type 1.
Does Citi have SOC 2 Type 2 certification ?
According to Rankiteo, Citi does not hold a SOC 2 Type 2 certification.
Does Citi comply with GDPR ?
According to Rankiteo, Citi is not listed as GDPR compliant.
Does Citi have PCI DSS certification ?
According to Rankiteo, Citi does not currently maintain PCI DSS compliance.
Does Citi comply with HIPAA ?
According to Rankiteo, Citi is not compliant with HIPAA regulations.
Does Citi have ISO 27001 certification ?
According to Rankiteo,Citi is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Citi
Citi operates primarily in the Financial Services industry.
Number of Employees at Citi
Citi employs approximately 197,159 people worldwide.
Subsidiaries Owned by Citi
Citi presently has no subsidiaries across any sectors.
Citi’s LinkedIn Followers
Citi’s official LinkedIn profile has approximately 4,906,842 followers.
NAICS Classification of Citi
Citi is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Citi’s Presence on Crunchbase
Yes, Citi has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/citigroup.
Citi’s Presence on LinkedIn
Yes, Citi maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/citi.
Cybersecurity Incidents Involving Citi
As of December 11, 2025, Rankiteo reports that Citi has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Citi has an estimated 30,347 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Citi ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
Incident Details
Can you provide details on each incident ?
Title: Large-Scale Phishing Campaign Targeting Citibank Customers
Description: Citibank customers are being targeted in a large-scale phishing campaign that features Citibank logos and requests recipients to disclose sensitive personal details to lift alleged account holds. Customers are diverted to a website that looks exactly like the Citibank portal, where any credentials entered would be compromised and can be misused.
Type: Phishing
Attack Vector: Email
Vulnerability Exploited: Social Engineering
Motivation: Financial Gain
Title: Citi Data Breach
Description: The California Office of the Attorney General reported a data breach involving Citi on March 28, 2013. The breach involved the accidental exposure of personally identifiable information due to an imperfect process used during a bankruptcy proceeding, while the specific number of affected individuals and types of information compromised are unknown.
Date Detected: 2013-03-28
Date Publicly Disclosed: 2013-03-28
Type: Data Breach
Attack Vector: Accidental Exposure
Vulnerability Exploited: Imperfect Process
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Phishing CIT0362322
Data Compromised: Sensitive Personal Details, Credentials
Identity Theft Risk: High
Payment Information Risk: High
Incident : Data Breach CIT548072625
Data Compromised: Personally Identifiable Information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Credentials and Personally Identifiable Information.
Which entities were affected by each incident ?
Incident : Phishing CIT0362322
Entity Name: Citibank
Entity Type: Financial Institution
Industry: Banking
Incident : Data Breach CIT548072625
Entity Name: Citi
Entity Type: Financial Institution
Industry: Finance
Data Breach Information
What type of data was compromised in each breach ?
Incident : Phishing CIT0362322
Type of Data Compromised: Personally Identifiable Information, Credentials
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach CIT548072625
Type of Data Compromised: Personally Identifiable Information
References
Where can I find more information about each incident ?
Incident : Data Breach CIT548072625
Source: California Office of the Attorney General
Date Accessed: 2013-03-28
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2013-03-28.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Phishing CIT0362322
Entry Point: Email
High Value Targets: Citibank Customers
Data Sold on Dark Web: Citibank Customers
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2013-03-28.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2013-03-28.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Sensitive Personal Details, Credentials and Personally Identifiable Information.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personally Identifiable Information, Sensitive Personal Details and Credentials.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=citi' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
