Citi
Company Details
Linkedin ID:
citi
Website:
Employees number:
197,159
Number of followers:
4,906,842
NAICS:
52
Industry Type:
Homepage:
citigroup.com
IP Addresses:
0
Company ID:
CIT_3403627
Scan Status:
In-progress
Citi Company CyberSecurity Posture
citigroup.com
Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have over 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities. For information on Citi’s commitment to privacy, visit on.citi/privacy.
Citi A.I CyberSecurity Scoring
Citi Risk Score (AI oriented)Between 800 and 849
Citi
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Citi Global Score (TPRM)XXXX
Citi
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Citi Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Citi
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported a data breach involving Citi on March 28, 2013. The breach involved the accidental exposure of personally identifiable information due to an imperfect process used during a bankruptcy proceeding. The specific number of affected individuals and types of information compromised are unknown.
Citi
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The customers of Citibank are being targeted in a large-scale phishing campaign. The campaign features CitiBank logos and requestes the recipients to disclose sensitive personal details to lift alleged account holds. The customers are diverted to a website that looks exactly same as citybank portal and any credentials entered there would be compromised and can be misused.
Citi Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Citi
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Citi in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Citi in 2025.
Incident Types Citi vs Financial Services Industry Avg (This Year)
No incidents recorded for Citi in 2025.
Incident History — Citi (X = Date, Y = Severity)
Citi cyber incidents detection timeline including parent company and subsidiaries
Citi Company Subsidiaries
Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have over 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities. For information on Citi’s commitment to privacy, visit on.citi/privacy.
Loading...
Citi Similar Companies
Pru Life UK
With 26 years of operations in the Philippines, we have the largest agency force of more than 39,000 licensed financial advisers ready to listen, understand and deliver. We are an innovative force in the life insurance industry who pioneered investment-linked or unit-linked insurance in the Philippi
BBVA en México
Bienvenido a la página oficial del Banco BBVA Bancomer. Institución financiera de México desde 1932. Es una empresa filial de Banco Bilbao Vizcaya Argentaria (BBVA), uno de los grupos financieros líderes en Europa y considerado entre uno de los más grandes de la Zona Euro. El Grupo trabaja por un f
This is the official Company Page of Ping An Insurance (Group) Company of China, Ltd. (HKEx: 2318; SSE: 601318; ADR: PNGAY). Ping An strives to become a world leading technology-powered financial services group. We believe the way people receive financial services and healthcare in the future wil
Prudential plc
In Asia and Africa, Prudential has been providing familiar, trusted financial security to people for 100 years. Today, headquartered in Hong Kong and London, we are ranked top three in 12 Asian markets with 18 million customers, around 68,000 average monthly active agents and access to over 27,000 b
Sanlam
We’ve finally given a name to that special something a person exudes when they have a plan for their finances. It’s called The F Factor – and now that you know its name, it’s time you feel it too. Let's unlock your financial confidence, together. Our team is online weekdays 8:30 – 16:00
LPL Financial
LPL Financial Holdings Inc. (Nasdaq: LPLA) is among the fastest growing wealth management firms in the U.S. As a leader in the financial advisor-mediated marketplace, LPL supports over 29,000 financial advisors and the wealth management practices of approximately 1,100 financial institutions, servic
We exist to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the cl
S&P Global provides governments, businesses, and individuals with market data, expertise, and technology solutions for confident decision-making. Our services span from global energy solutions to sustainable finance solutions. From helping our customers perform investment analysis to guiding them th
ICE (NYSE: ICE) connects people to data, technology and expertise that create opportunity and inspire innovation. For terms of use, visit www.ice.co
.png)
Citi CyberSecurity News
November 25, 2025 09:39 AM
SitusAMC breach puts JPMorgan, Citi, and Morgan Stanley customer data at risk
Financial service provider SitusAMC has confirmed a recent data breach, prompting major US banks to assess potential exposure.
November 24, 2025 07:26 PM
Third-party hack may have spread to JPMorgan, Citi, and Morgan Stanley
A third-party attack on residential loan mortgage origination and collection company SitusAMC caused great concern because the company...
November 24, 2025 07:01 PM
SitusAMC Hack Exposes JPMorgan, Citigroup Customer Data in 2025 Breach
In the predawn hours of a routine November day in 2025, the digital fortifications of America's financial giants faced an invisible assault.
November 24, 2025 04:58 PM
C-Suite Cybersecurity Workshop 2025: Ghana's banking leaders unite against escalating cyber threats
In a landmark gathering at the Marriott Hotel, Ghana's banking executives, regulatory authorities, and cybersecurity experts convened for an...
November 24, 2025 01:02 PM
JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach
The breach underscores growing third-party cyber risks in financial services, with vendor-related incidents up 15% year-over-year.
November 24, 2025 08:37 AM
SitusAMC Cyberattack Exposes Major Bank Client Data, Possibly from JPMorgan Chase, Citi, and Morgan Stanley
A cyberattack on vendor SitusAMC has potentially exposed client data from JPMorgan Chase, Citi, and Morgan Stanley, prompting an FBI...
November 23, 2025 11:20 PM
JPMorgan and Citi Face Potential Data Exposure from SitusAMC Hack
The SitusAMC hack puts major Wall Street banks at risk, highlighting vulnerabilities in their cybersecurity measures against real-estate...
November 23, 2025 10:16 AM
Mortgage Data Breach Hits JPMorgan, Citi and Morgan Stanley After Large-Scale Vendor Cyberattack
A recent cyberattack on New York-based real estate services firm SitusAMC may have compromised sensitive client and internal data of major...
November 23, 2025 04:30 AM
JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack, NYT reports
A technology vendor for real-estate lenders said it was the target of a cyberattack.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Citi CyberSecurity History Information
Official Website of Citi
The official website of Citi is http://www.citigroup.com.
Citi’s AI-Generated Cybersecurity Score
According to Rankiteo, Citi’s AI-generated cybersecurity score is 830, reflecting their Good security posture.
How many security badges does Citi’ have ?
According to Rankiteo, Citi currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Citi have SOC 2 Type 1 certification ?
According to Rankiteo, Citi is not certified under SOC 2 Type 1.
Does Citi have SOC 2 Type 2 certification ?
According to Rankiteo, Citi does not hold a SOC 2 Type 2 certification.
Does Citi comply with GDPR ?
According to Rankiteo, Citi is not listed as GDPR compliant.
Does Citi have PCI DSS certification ?
According to Rankiteo, Citi does not currently maintain PCI DSS compliance.
Does Citi comply with HIPAA ?
According to Rankiteo, Citi is not compliant with HIPAA regulations.
Does Citi have ISO 27001 certification ?
According to Rankiteo,Citi is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Citi
Citi operates primarily in the Financial Services industry.
Number of Employees at Citi
Citi employs approximately 197,159 people worldwide.
Subsidiaries Owned by Citi
Citi presently has no subsidiaries across any sectors.
Citi’s LinkedIn Followers
Citi’s official LinkedIn profile has approximately 4,906,842 followers.
NAICS Classification of Citi
Citi is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Citi’s Presence on Crunchbase
Yes, Citi has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/citigroup.
Citi’s Presence on LinkedIn
Yes, Citi maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/citi.
Cybersecurity Incidents Involving Citi
As of December 11, 2025, Rankiteo reports that Citi has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Citi has an estimated 30,346 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Citi ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
Incident Details
Can you provide details on each incident ?
Title: Large-Scale Phishing Campaign Targeting Citibank Customers
Description: Citibank customers are being targeted in a large-scale phishing campaign that features Citibank logos and requests recipients to disclose sensitive personal details to lift alleged account holds. Customers are diverted to a website that looks exactly like the Citibank portal, where any credentials entered would be compromised and can be misused.
Type: Phishing
Attack Vector: Email
Vulnerability Exploited: Social Engineering
Motivation: Financial Gain
Title: Citi Data Breach
Description: The California Office of the Attorney General reported a data breach involving Citi on March 28, 2013. The breach involved the accidental exposure of personally identifiable information due to an imperfect process used during a bankruptcy proceeding, while the specific number of affected individuals and types of information compromised are unknown.
Date Detected: 2013-03-28
Date Publicly Disclosed: 2013-03-28
Type: Data Breach
Attack Vector: Accidental Exposure
Vulnerability Exploited: Imperfect Process
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Email.
Impact of the Incidents
What was the impact of each incident ?
Incident : Phishing CIT0362322
Data Compromised: Sensitive Personal Details, Credentials
Identity Theft Risk: High
Payment Information Risk: High
Incident : Data Breach CIT548072625
Data Compromised: Personally Identifiable Information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Credentials and Personally Identifiable Information.
Which entities were affected by each incident ?
Incident : Phishing CIT0362322
Entity Name: Citibank
Entity Type: Financial Institution
Industry: Banking
Incident : Data Breach CIT548072625
Entity Name: Citi
Entity Type: Financial Institution
Industry: Finance
Data Breach Information
What type of data was compromised in each breach ?
Incident : Phishing CIT0362322
Type of Data Compromised: Personally Identifiable Information, Credentials
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach CIT548072625
Type of Data Compromised: Personally Identifiable Information
References
Where can I find more information about each incident ?
Incident : Data Breach CIT548072625
Source: California Office of the Attorney General
Date Accessed: 2013-03-28
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2013-03-28.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Phishing CIT0362322
Entry Point: Email
High Value Targets: Citibank Customers
Data Sold on Dark Web: Citibank Customers
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2013-03-28.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2013-03-28.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Sensitive Personal Details, Credentials and Personally Identifiable Information.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personally Identifiable Information, Sensitive Personal Details and Credentials.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Email.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=citi' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
