New York State Sues Citibank For Failing To Protect Customers Against Scams And Hacks

Giulio Saggin
Giulio Saggin
Wednesday, 31 January 2024
New York State Sues Citibank For Failing To Protect Customers Against Scams And Hacks
Photo: Miquel Parera / Unsplash

The state of New York is suing Citibank, alleging it failed to protect customers against scams and hacks that netted millions.

The lawsuit filed by New York Attorney General, Letitia James, stated that "Citi has not deployed sufficiently robust data security measures to protect consumer financial accounts, respond appropriately to red flags, or limit theft by scam." It also alleged that Citi overpromised and underdelivered on security, then reacted ineffectively to fraud alerts, misled consumers and denied their claims.

The Office of the Attorney General (OAG) noted a litany of red flags were not being responded to effectively by Citi, including the transfer of funds from several accounts into one account, then sending tens of thousands of dollars "out the door" in quick succession, and scammers who use unrecognised devices, access accounts from new locations, or change account passwords or usernames.

Citi falsely reassured affected customers that their accounts were secure and promised that their money would be returned, although the bank didn't immediately take steps to recover stolen funds. Customers were also told - falsely - that they needed to visit local branches to execute affidavits detailing the scams that led to their losses. Citi would then use these to blame consumers and deny their claims.

One New Yorker had $40,000 stolen from her retirement savings account, after she clicked on a link in a text message that appeared to be from Citi, instructing her to log onto a website or call her local branch. After providing no more information, the customer reported the suspicious activity but was told not to worry about it. A scammer then changed her banking password, transferred $70,000 between her accounts, and executed a $40,000 wire transfer. None of this was consistent with the customer's previous account activity and, after she continued contacting the bank and submit affidavits, she was told her claim for fraud was denied.

“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” said Attorney General James. “If a bank cannot secure its customers’ accounts, they are failing in their most basic duty. There is no excuse for Citi’s failure to protect and prevent millions of dollars from being stolen from customers’ accounts."

Attorney General James also let it be know she was taking a hard stand with all banks: "My office will not write off illegal behaviour from big banks.”

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203