The state of New York is suing Citibank, alleging it failed to protect customers against scams and hacks that netted millions.
The lawsuit filed by New York Attorney General, Letitia James, stated that "Citi has not deployed sufficiently robust data security measures to protect consumer financial accounts, respond appropriately to red flags, or limit theft by scam." It also alleged that Citi overpromised and underdelivered on security, then reacted ineffectively to fraud alerts, misled consumers and denied their claims.
The Office of the Attorney General (OAG) noted a litany of red flags were not being responded to effectively by Citi, including the transfer of funds from several accounts into one account, then sending tens of thousands of dollars "out the door" in quick succession, and scammers who use unrecognised devices, access accounts from new locations, or change account passwords or usernames.
Citi falsely reassured affected customers that their accounts were secure and promised that their money would be returned, although the bank didn't immediately take steps to recover stolen funds. Customers were also told - falsely - that they needed to visit local branches to execute affidavits detailing the scams that led to their losses. Citi would then use these to blame consumers and deny their claims.
One New Yorker had $40,000 stolen from her retirement savings account, after she clicked on a link in a text message that appeared to be from Citi, instructing her to log onto a website or call her local branch. After providing no more information, the customer reported the suspicious activity but was told not to worry about it. A scammer then changed her banking password, transferred $70,000 between her accounts, and executed a $40,000 wire transfer. None of this was consistent with the customer's previous account activity and, after she continued contacting the bank and submit affidavits, she was told her claim for fraud was denied.
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” said Attorney General James. “If a bank cannot secure its customers’ accounts, they are failing in their most basic duty. There is no excuse for Citi’s failure to protect and prevent millions of dollars from being stolen from customers’ accounts."
Attorney General James also let it be know she was taking a hard stand with all banks: "My office will not write off illegal behaviour from big banks.”
