Citibank Sued for Allegedly Failing to Protect Users From Hackers



New York Attorney General Letitia James is trying to force Citibank to invest more in cybersecurity by filing a lawsuit that alleges the company has been failing to protect users from hackers. “As a result of Citi’s lax security, New York customers have lost millions of dollars, and in some instances, their entire life savings, to scammers and hackers,” the NY Attorney General’s office said on Tuesday. The lawsuit claims hackers have been successfully stealing funds from Citibank customers because of woeful security measures at the company, including the use of only a username and password to protect accounts instead of two-factor authentication. That’s made it easier for scammers to phish Citibank customers through fake online messages, websites, or phone calls from people impersonating the bank. Once an account is hijacked, the attacker can also easily loot the funds because Citibank allegedly does nothing to monitor out-of-the-ordinary activity, like a user account being accessed from unrecognized devices or different locations. “Citi permits scammers to alter contact information, usernames, and passwords, upgrade accounts to access online wire transfer services, and consolidate funds across multiple accounts, all without subjecting to robust scrutiny scammers’ subsequent requests to initiate large-dollar wire transfers that will empty consumers’ accounts,” the lawsuit alleges. AG James is also accusing Citibank of failing to comply with the Electronic Fund Transfer Act, a US law that’s designed to protect consumers when they transfer funds electronically. “Yet when panicked consumers notify Citi of fraudulent activity on their accounts, there is no mention of the EFTA. Nor did Citi take immediate action in the past to recover amounts it wired out,” the lawsuit argues. The AG’s office also points out Citibank has refused to refund some victims who’ve lost money to the scams, even though they tried to ask for assistance from the company. “In addition, Citi fails to appropriately respond to notifications of fraud by its customers. When victims contact the bank to report fraud, Citi leaves them on lengthy telephone holds, allowing scammers to continue their fraud,” the office says. 

Recommended by Our Editors

The lawsuit is now demanding Citibank pay back defrauded consumers with interest and adopt better anti-fraud defenses to stamp out future hacks. If New York wins the case, then it could have ramifications for banks across the industry at a time when online financial crimes remain rampant. But in response to the lawsuit, Citibank—which maintains over 200 million customer accounts across the globe—said it follows banking regulations. The company also blamed part of the problem on consumers falling for scams. “Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the company said in a statement.“However, given the industry-wide surge in wire fraud during the last several years, we’ve taken proactive steps to safeguard our clients’ accounts with leading security protocols, intuitive fraud prevention tools, clear insights about the latest scams, and driving client awareness and education,” Citibank added. “Our actions have reduced client wire fraud losses significantly, and we remain committed to investing in fraud prevention measures to help our clients secure their accounts against emerging threats.”

Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

We will be happy to hear your thoughts

Leave a reply

Shoparoon
Logo
Compare items
  • Total (0)
Compare
0
Shopping cart