InfoSecBulletin Cybersecurity for mankind
The attorney general’s office in New York state has sued Citibank for not protecting customers from electronic fraud and not reimbursing the victims. This has resulted in millions of dollars in losses for customers in the state.
Attorney General Letitia James filed a lawsuit in federal court in Manhattan. She claimed that Citi’s weak security measures enabled scammers to easily enter users’ accounts and steal their deposits by making unauthorized wire transfers.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
Citi improved security measures to reduce wire fraud. They claim to have followed all relevant laws and regulations.
“Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the spokesman said.
James sued Citibank. He wanted Citibank to return its profits and pay a $5,000 fine for each time it broke the law. James also wanted Citibank to hire someone to find all the customers who were hurt.
Customers who reported fraud had to wait a long time on the phone. Citi’s staff promised reimbursement, but the bank did not take immediate action to recover the funds.
The lawsuit involves two clients. One of them had $40,000 stolen from her retirement savings account in 2021 after clicking on a text message link that seemed to be from Citi.
The customer reported suspicious activity and was told not to worry. But three days she later discovered a scammer had changed her banking password and enrolled in online wire transfers. The bank denied her fraud claim.
Another New Yorker had $35,000 stolen from her. She discovered a message in her online account stating that it was suspended and instructing her to call a phone number.
The scammer tricked her by promising Citi codes to check for suspicious activity. Then, he moved all the money from her three savings accounts to her checking account, changed her online passwords, and stole $35,000.
Source: CBS, Reuteres, NY post
