New York Attorney General Files Lawsuit Against Citibank Over Cybersecurity Lapses
New York Attorney General Letitia James has launched a legal battle against Citibank, accusing the financial giant of inadequate cybersecurity practices that have purportedly left its customers vulnerable to hackers. The lawsuit, unveiled on Tuesday by the Attorney General’s office, alleges that insufficient security protocols at Citibank have led to substantial financial losses for numerous New York consumers, with some individuals losing their entire life savings to cybercriminals.
According to the lawsuit, the bank’s reliance on basic security measures, such as usernames and passwords, has rendered its customers an easy target for phishing attacks. Scammers have been exploiting these vulnerabilities to impersonate Citibank, deceiving customers through fraudulent websites, online messages, and phone calls. The lawsuit further contends that Citibank’s failure to monitor anomalous activities, such as access from unfamiliar devices or locations, has facilitated unauthorized account takeovers and subsequent fund looting by attackers.
The Attorney General’s office has also accused Citibank of neglecting its obligations under the Electronic Fund Transfer Act, a federal regulation designed to shield consumers in electronic fund transactions. The lawsuit claims that Citibank has exhibited a lack of urgency in responding to customers’ fraud reports and has not taken prompt action to recover the amounts transferred fraudulently. Additionally, the bank is criticized for its allegedly inadequate response to fraud notifications, leaving affected customers stranded on lengthy phone holds, thereby allowing the fraudulent activities to persist.
In response to these serious allegations, Citibank has defended its practices, asserting adherence to banking regulations and attributing a portion of the blame to consumers who fall victim to scams. The bank emphasized that it is not obligated to compensate clients who act on criminals’ instructions when the bank itself detects no signs of deception. Nevertheless, Citibank acknowledged the industry-wide escalation in wire fraud and highlighted its proactive measures to bolster client security. These measures include advanced security protocols, fraud prevention tools, scam awareness initiatives, and client education efforts, which, according to Citibank, have substantially reduced client wire fraud losses.
The lawsuit seeks restitution for the defrauded consumers, with added interest, and calls for the implementation of improved anti-fraud defenses by Citibank to prevent future security breaches. The outcome of this high-profile case could set a precedent, potentially influencing cybersecurity policies and practices across the banking sector amid the ongoing surge in online financial crimes.