News that Planet Home Lending experienced a cyberattack by the LockBit ransomware group leveraging the Citrix Bleed flaw has come out in dribs and drabs.The cyberattack last fall was first reported by a personal injury law firm in late January, but the tech press picked up on the news Feb. 12 after ClassAction.org said Planet Home faced a class action lawsuit based on the incident on Feb. 6.The crux of the matter is that Planet Home Lending sent out a letter to customers Jan. 24 explaining that the personal information of its customers was breached in connection with one of the LockBit ransomware group’s recent campaigns.It was the second time in the past several months Planet Home had to report a serious breach. The first was late last summer, when the company disclosed it was impacted by the MoveIT vulnerability.In excess of 200,000 customers were reportedly affected in the most recent breach. The threat actors obtained names, addresses, Social Security numbers, loan numbers, and financial account numbers.Planet Home’s letter said the root cause of the incident was the Citrix Bleed vulnerability that affected software in NetScaler ADC and Gateway appliances from Citrix Systems.“While Planet had implemented multiple layers of security tools designed to prevent this type of unauthorized access, the threat actor was able to exploit this Citrix Bleed vulnerability to bypass these protections,” the letter said.According to Planet Home, the attack happened on Nov. 15, and Planet Home became aware of the incident on the same day. Upon discovery, the company retained an outside forensics firm to conduct an investigation into the cause and impact of the breach. By Nov. 28, Planet was able to determine with “reasonable certainty” that the threat actor accessed a read-only data folder in which copies of loan files containing personally identifiable information of some of its customers were stored.Planet Home notified the FBI about the incident and said in the letter that “in accordance with the standard recommendation of the FBI and financial regulators, we have not paid, and do not anticipate paying, any ransom amount to the threat actor.”A spokesperson said Planet Home's operations were not adversely impacted and that the company has implemented additional safeguards to prevent future incidents. The company has offered 24 months of complimentary credit monitoring and identity protection services to those whose data was impacted.
Ransomware, Breach, Vulnerability Management
Planet Home Lending notifies customers of LockBit ransomware incident

The LockBit ransomware group exploited the Citrix Bleed flaw to obtain customer data from Planet Home Lending. (Adobe Stock)
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



