InfoSecBulletin Cybersecurity for mankind
The attorney general’s office in New York state has sued Citibank for not protecting customers from electronic fraud and not reimbursing the victims. This has resulted in millions of dollars in losses for customers in the state.
Attorney General Letitia James filed a lawsuit in federal court in Manhattan. She claimed that Citi’s weak security measures enabled scammers to easily enter users’ accounts and steal their deposits by making unauthorized wire transfers.
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
Citi improved security measures to reduce wire fraud. They claim to have followed all relevant laws and regulations.
“Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the spokesman said.
James sued Citibank. He wanted Citibank to return its profits and pay a $5,000 fine for each time it broke the law. James also wanted Citibank to hire someone to find all the customers who were hurt.
Customers who reported fraud had to wait a long time on the phone. Citi’s staff promised reimbursement, but the bank did not take immediate action to recover the funds.
The lawsuit involves two clients. One of them had $40,000 stolen from her retirement savings account in 2021 after clicking on a text message link that seemed to be from Citi.
The customer reported suspicious activity and was told not to worry. But three days she later discovered a scammer had changed her banking password and enrolled in online wire transfers. The bank denied her fraud claim.
Another New Yorker had $35,000 stolen from her. She discovered a message in her online account stating that it was suspended and instructing her to call a phone number.
The scammer tricked her by promising Citi codes to check for suspicious activity. Then, he moved all the money from her three savings accounts to her checking account, changed her online passwords, and stole $35,000.
Source: CBS, Reuteres, NY post
