New York Sues Citibank Over Poor Data Security

New York attorney general is suing Citibank for failing to protect customers against hackers and fraudsters who have stolen millions.

The attorney general of the state of New York has sued Citibank over the financial institution’s alleged failure to protect customers against hackers and fraudsters, as well as its refusal to reimburse victims. 

New York AG Letitia James said individuals in the state have lost millions of dollars as a result of cybercrime schemes that are possible due to Citi’s failure to implement strong data security and anti-breach practices. 

“As a result of Citi’s lax security protocols and procedures, ineffective monitoring systems, and failure to respond in real-time and properly investigate fraud claims, New Yorkers have lost millions to scammers,” the AG’s office said in a press release. “Customers have lost their life savings, their children’s college funds, or even money needed to support their day-to-day lives as a result of Citi’s illegal and deceptive acts and practices.” 

In its complaint, the attorney general has provided several specific examples of New Yorkers who had tens of thousands of dollars stolen from their accounts after being tricked by cybercriminals.

It’s worth pointing out that these incidents do not appear to involve exploitation of any software vulnerabilities or access to Citi systems. Instead, the threat actors rely heavily on social engineering to trick victims into handing over the information needed to access their accounts and conduct unauthorized transfers. 

However, the AG believes Citi should have more efficient systems in place to detect signs of fraud, for instance, based on unrecognized device locations, suspicious password or username changes, and suspicious transfers. 

The bank has also been accused of being slow to respond to fraud reports coming from customers.

In addition, the AG says the bank should reimburse victims of such crimes under the Electronic Fund Transfer Act (EFTA), but Citi is allegedly exploiting a loophole to deny reimbursement claims. 

In response to the lawsuit, Citi said it works hard to prevent fraud and assist impacted customers, but noted, “Banks are not required to make customers whole when those customers follow criminals’ instructions and banks can see no indication the customers are being deceived.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

