InfoSecBulletin Cybersecurity for mankind
The attorney general’s office in New York state has sued Citibank for not protecting customers from electronic fraud and not reimbursing the victims. This has resulted in millions of dollars in losses for customers in the state.
Attorney General Letitia James filed a lawsuit in federal court in Manhattan. She claimed that Citi’s weak security measures enabled scammers to easily enter users’ accounts and steal their deposits by making unauthorized wire transfers.
Cisco released security updates for two critical security flaws
OpenBAS: Cutting-edge breach and attack simulation platform
Critical Security Flaws Patched in Zyxel Networking Devices
CVE-2024-38811: CEV In VMware Fusion Unveiled
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications
How Malaysia’s Data Centre Industry Poised for Growth
RansomHub exfiltrated data over 210 victims: US alert
Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw
New Cicada ransomware targets VMware ESXi servers
Monday hits two UK bank apps causes outages
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
Citi improved security measures to reduce wire fraud. They claim to have followed all relevant laws and regulations.
“Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the spokesman said.
James sued Citibank. He wanted Citibank to return its profits and pay a $5,000 fine for each time it broke the law. James also wanted Citibank to hire someone to find all the customers who were hurt.
Customers who reported fraud had to wait a long time on the phone. Citi’s staff promised reimbursement, but the bank did not take immediate action to recover the funds.
The lawsuit involves two clients. One of them had $40,000 stolen from her retirement savings account in 2021 after clicking on a text message link that seemed to be from Citi.
The customer reported suspicious activity and was told not to worry. But three days she later discovered a scammer had changed her banking password and enrolled in online wire transfers. The bank denied her fraud claim.
Another New Yorker had $35,000 stolen from her. She discovered a message in her online account stating that it was suspended and instructing her to call a phone number.
The scammer tricked her by promising Citi codes to check for suspicious activity. Then, he moved all the money from her three savings accounts to her checking account, changed her online passwords, and stole $35,000.
Source: CBS, Reuteres, NY post
