‘Widespread’ breach let hackers steal employee data from FEMA and CBP

A major cybersecurity breach at FEMA exposed employee data and led to the dismissal of key IT staff over how vulnerabilities were handled. The attackers got in through Citrix infrastructure using compromised credentials, highlighting weaknesses in FEMA’s cybersecurity defenses. #CitrixBleed #FEMABreach

Key points

  • The breach began on June 22 through compromised Citrix login credentials.
  • Data from FEMA Region 6, which serves multiple southern states and tribal nations, was exfiltrated.
  • FEMA’s cybersecurity deficiencies included a lack of multi-factor authentication and outdated protocols.
  • Two dozen FEMA IT employees were dismissed for resisting fixes and hiding vulnerabilities.
  • The attack involved the CitrixBleed 2.0 vulnerability, which can leak memory content and bypass security controls.

Read More: https://www.nextgov.com/cybersecurity/2025/09/widespread-breach-let-hackers-steal-employee-data-fema-and-cbp/408456/