InfoSecBulletin Cybersecurity for mankind
The attorney general’s office in New York state has sued Citibank for not protecting customers from electronic fraud and not reimbursing the victims. This has resulted in millions of dollars in losses for customers in the state.
Attorney General Letitia James filed a lawsuit in federal court in Manhattan. She claimed that Citi’s weak security measures enabled scammers to easily enter users’ accounts and steal their deposits by making unauthorized wire transfers.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
Citi improved security measures to reduce wire fraud. They claim to have followed all relevant laws and regulations.
“Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the spokesman said.
James sued Citibank. He wanted Citibank to return its profits and pay a $5,000 fine for each time it broke the law. James also wanted Citibank to hire someone to find all the customers who were hurt.
Customers who reported fraud had to wait a long time on the phone. Citi’s staff promised reimbursement, but the bank did not take immediate action to recover the funds.
The lawsuit involves two clients. One of them had $40,000 stolen from her retirement savings account in 2021 after clicking on a text message link that seemed to be from Citi.
The customer reported suspicious activity and was told not to worry. But three days she later discovered a scammer had changed her banking password and enrolled in online wire transfers. The bank denied her fraud claim.
Another New Yorker had $35,000 stolen from her. She discovered a message in her online account stating that it was suspended and instructing her to call a phone number.
The scammer tricked her by promising Citi codes to check for suspicious activity. Then, he moved all the money from her three savings accounts to her checking account, changed her online passwords, and stole $35,000.
Source: CBS, Reuteres, NY post
