Citizens
Company Details
Linkedin ID:
citizens-bank
Website:
Employees number:
22,674
Number of followers:
177,035
NAICS:
52211
Industry Type:
Homepage:
citizensbank.com
IP Addresses:
0
Company ID:
CIT_2716868
Scan Status:
In-progress
Citizens Company CyberSecurity Posture
citizensbank.com
At Citizens, we recognize that the journey to accomplishment is no longer linear and that individuals are made of all they have done and all they are going to do. As one of the oldest and largest financial services firms in the United States with a history dating back to 1828, we’re committed to providing solutions and expertise that support our customers, clients, colleagues, and communities in what’s next on their own unique journey. Whether you’re considering banking with us or looking to work with us, you’ll find a customer-centric culture and a supportive, collaborative workforce at Citizens. You’re made ready and so are we. #MadeReady
Citizens A.I CyberSecurity Scoring
Citizens Risk Score (AI oriented)Between 700 and 749
Citizens
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Citizens Global Score (TPRM)XXXX
Citizens
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Citizens Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Citizens Bank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Vermont Office of the Attorney General reported that Citizens Bank experienced a data breach affecting approximately 100 customers. The breach, which occurred between January 10, 2024, and June 13, 2024, potentially compromised customer names, account numbers, and Social Security Numbers. The breach was reported on September 26, 2024.
Citizens Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Citizens
Incidents vs Banking Industry Average (This Year)
No incidents recorded for Citizens in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Citizens in 2025.
Incident Types Citizens vs Banking Industry Avg (This Year)
No incidents recorded for Citizens in 2025.
Incident History — Citizens (X = Date, Y = Severity)
Citizens cyber incidents detection timeline including parent company and subsidiaries
Citizens Company Subsidiaries
At Citizens, we recognize that the journey to accomplishment is no longer linear and that individuals are made of all they have done and all they are going to do. As one of the oldest and largest financial services firms in the United States with a history dating back to 1828, we’re committed to providing solutions and expertise that support our customers, clients, colleagues, and communities in what’s next on their own unique journey. Whether you’re considering banking with us or looking to work with us, you’ll find a customer-centric culture and a supportive, collaborative workforce at Citizens. You’re made ready and so are we. #MadeReady
Loading...
Citizens Similar Companies
Citizens One
Citizens One is the National Lending Division for Citizens Bank, N.A., a bank with a nearly 200-year history of serving customers and communities. At Citizens One, our team of experts is committed to helping our customers get the loan solution that’s right for them. We always strive to be clear and
CIBC is here to help all our clients reach their goals. We know the importance of reliable financial products and services, and we’re dedicated to providing them in a way that lets you bank however you want, whenever you want. With innovative tools designed around your priorities and a team ful
Attijariwafa bank
With our universal banking model, our pan-African scope, the complementarity of our businesses and our solid expertise, we are a leading player in the Moroccan and African financial sector. For over a century, we’ve been able to adapt by diversifying our business lines, renewing our offers and rev
Bank of the Philippine Islands (BPI)
Founded in 1851, the Bank of the Philippine Islands is the first bank in the Philippines and in Southeast Asia. Together with its subsidiaries and affiliates, BPI, a universal bank, offers a wide range of financial products and services that serve both retail and corporate clients. Get ready to sta
Crédit Agricole Personal Finance & Mobility
A major consumer credit provider in Europe, Crédit Agricole Consumer Finance operates in 19 countries. Its 9,900 employees support customers by providing the financing they need to undertake their projects. Reflecting the essential social and economic role of consumer credit, Crédit Agricole Consu
BNP Paribas Fortis
For over 200 years, BNP Paribas Fortis has helped drive the growth and prosperity of Belgium’s economy and communities. The mission of our 12,000 colleagues is clear: be the trusted financial partner for four million individual customers, businesses and organisations. We do this by offering advice a
IDFC FIRST Bank
**Never share your password, OTP, UPI Pin, CVV etc with anyone.** Formed in December 2018 through the merger of infrastructure finance giant IDFC Bank and retail finance specialist Capital First, we commenced commercial banking operations in 2016. Our core principles: Vision: Building a world-clas
Regions Bank
Regions Financial Corporation is a member of the S&P 500 Index and is one of the nation’s largest full-service providers of consumer and commercial banking, wealth management, and mortgage products and services. Regions serves customers across the South, Midwest and Texas, and through its subsidiary
Bank of India
Welcome to Bank of India's official LinkedIn page! Join us & stay tuned to learn about our products, exciting offers & latest happenings. Bank of India was founded on 7th September, 1906 by a group of eminent business professionals from Mumbai. The Bank was under private ownership and control till J
.png)
Citizens CyberSecurity News
November 11, 2025 10:22 AM
Tripura launches Cyber Security Policy 2025 to safeguard citizens’ data, IT systems
The policy will also ensure promoting collaborative actions across public and private sectors to ensure a safe and resilient cyberspace in...
November 10, 2025 02:02 PM
Cybersecurity and misinformation bills not meant to silence citizens – President Mahama
President John Dramani Mahama has assured Ghanaians that the Cybersecurity Amendment Bill (2025) and the Misinformation and Disinformation...
October 23, 2025 07:00 AM
Odisha Cyber Security Campaign 2025 Gains Momentum, Reaches Over 63,000 Citizens
Odisha Cyber Security Campaign 2025 Gains Momentum, Reaches Over 63,000 Citizens ... Bhubaneswar: The Odisha Cyber Security Campaign 2025,...
October 17, 2025 07:00 AM
Citizens & Northern warns of rising AI scams during Cybersecurity Awareness Month
Citizens & Northern warns of rising AI scams during Cybersecurity Awareness Month ... Citizens & Northern highlights the growing threat of AI...
October 14, 2025 07:00 AM
UAE police call cybersecurity 'shared responsibility', urge citizens to take charge
AI-powered portal to protect residents. “Dubai Police has a platform for reporting cybercrime. Anyone can log in and report suspicious...
October 11, 2025 07:00 AM
Cyber Security Week 2025: IGP Warns Citizens Against Dangers Of Cybercrime
Cyber Security Week 2025: IGP Warns Citizens Against Dangers Of Cybercrime ... As rest of the world celebrates Cybersecurity Week 2025, aimed at...
October 08, 2025 07:00 AM
Acronis Cyber Foundation co-hosts cybersafety workshop for senior citizens
October marks Cybersecurity Awareness Month. To celebrate, we are excited to announce a strategic collaboration between the Acronis Cyber...
October 06, 2025 07:00 AM
South Africa alerts citizens to rising cyber threats during Cybersecurity Awareness Month
The South African government has sounded the alarm over a surge in cyber threats, calling for heightened vigilance among citizens as part of its...
October 03, 2025 07:00 AM
Wake Up, Singapore says Meta suspended its Facebook page over unclear cybersecurity reasons
Wake Up, Singapore (WUSG) revealed on 3 October 2025 that Meta suspended its Facebook page, citing cybersecurity violations without details. In...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Citizens CyberSecurity History Information
Official Website of Citizens
The official website of Citizens is http://www.citizensbank.com.
Citizens’s AI-Generated Cybersecurity Score
According to Rankiteo, Citizens’s AI-generated cybersecurity score is 744, reflecting their Moderate security posture.
How many security badges does Citizens’ have ?
According to Rankiteo, Citizens currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Citizens have SOC 2 Type 1 certification ?
According to Rankiteo, Citizens is not certified under SOC 2 Type 1.
Does Citizens have SOC 2 Type 2 certification ?
According to Rankiteo, Citizens does not hold a SOC 2 Type 2 certification.
Does Citizens comply with GDPR ?
According to Rankiteo, Citizens is not listed as GDPR compliant.
Does Citizens have PCI DSS certification ?
According to Rankiteo, Citizens does not currently maintain PCI DSS compliance.
Does Citizens comply with HIPAA ?
According to Rankiteo, Citizens is not compliant with HIPAA regulations.
Does Citizens have ISO 27001 certification ?
According to Rankiteo,Citizens is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Citizens
Citizens operates primarily in the Banking industry.
Number of Employees at Citizens
Citizens employs approximately 22,674 people worldwide.
Subsidiaries Owned by Citizens
Citizens presently has no subsidiaries across any sectors.
Citizens’s LinkedIn Followers
Citizens’s official LinkedIn profile has approximately 177,035 followers.
NAICS Classification of Citizens
Citizens is classified under the NAICS code 52211, which corresponds to Commercial Banking.
Citizens’s Presence on Crunchbase
Yes, Citizens has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/citizens-bank.
Citizens’s Presence on LinkedIn
Yes, Citizens maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/citizens-bank.
Cybersecurity Incidents Involving Citizens
As of November 27, 2025, Rankiteo reports that Citizens has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Citizens has an estimated 6,716 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Citizens ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Citizens Bank Data Breach
Description: The Vermont Office of the Attorney General reported that Citizens Bank experienced a data breach affecting approximately 100 customers, where personal information may have been shared with an unauthorized party between January 10, 2024, and June 13, 2024. The breach potentially compromised customer names, account numbers, and Social Security Numbers. The breach was reported on September 26, 2024.
Date Publicly Disclosed: 2024-09-26
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CIT248072825
Data Compromised: Customer names, Account numbers, Social security numbers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Names, Account Numbers, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach CIT248072825
Entity Name: Citizens Bank
Entity Type: Financial Institution
Industry: Banking
Customers Affected: 100
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CIT248072825
Type of Data Compromised: Customer names, Account numbers, Social security numbers
Number of Records Exposed: 100
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach CIT248072825
Source: Vermont Office of the Attorney General
Date Accessed: 2024-09-26
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-09-26.
Additional Questions
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-26.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer names, Account numbers, Social Security Numbers and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Account numbers, Customer names and Social Security Numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 100.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=citizens-bank' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
