InfoSecBulletin Cybersecurity for mankind
The attorney general’s office in New York state has sued Citibank for not protecting customers from electronic fraud and not reimbursing the victims. This has resulted in millions of dollars in losses for customers in the state.
Attorney General Letitia James filed a lawsuit in federal court in Manhattan. She claimed that Citi’s weak security measures enabled scammers to easily enter users’ accounts and steal their deposits by making unauthorized wire transfers.
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
Citi improved security measures to reduce wire fraud. They claim to have followed all relevant laws and regulations.
“Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the spokesman said.
James sued Citibank. He wanted Citibank to return its profits and pay a $5,000 fine for each time it broke the law. James also wanted Citibank to hire someone to find all the customers who were hurt.
Customers who reported fraud had to wait a long time on the phone. Citi’s staff promised reimbursement, but the bank did not take immediate action to recover the funds.
The lawsuit involves two clients. One of them had $40,000 stolen from her retirement savings account in 2021 after clicking on a text message link that seemed to be from Citi.
The customer reported suspicious activity and was told not to worry. But three days she later discovered a scammer had changed her banking password and enrolled in online wire transfers. The bank denied her fraud claim.
Another New Yorker had $35,000 stolen from her. She discovered a message in her online account stating that it was suspended and instructing her to call a phone number.
The scammer tricked her by promising Citi codes to check for suspicious activity. Then, he moved all the money from her three savings accounts to her checking account, changed her online passwords, and stole $35,000.
Source: CBS, Reuteres, NY post
