Citibank Customers Lost Thousands in Savings Due to Their Own Security Glitch, and They Refuse to Pay Them Back

By: Chris Gorrie | Published: Feb 15, 2024

In the heart of New York City, Citibank, once seen as a symbol of financial stability, faces serious allegations from New York Attorney General Letitia James. 

The lawsuit filed in the US District Court for the Southern District of New York accuses Citibank of neglecting to reimburse scam victims, leaving them exposed to financial devastation due to what is described as inadequate online security measures.

Citibank’s Lax Security Protocols and Procedures

At the center of the legal battle is the claim that Citibank’s digital defenses, or lack thereof, have allowed unauthorized account takeovers, resulting in substantial financial losses for customers.

New York Attorney General Letitia James sitting at a desk with a name placard and a microphone.

Freelancers Union/Wikimedia Commons

From life savings to college funds, New Yorkers have experienced severe consequences due to what the Attorney General’s office deems “illegal and deceptive acts and practices.”


New Yorker Loses $35,000 in Citibank Scam

One particularly distressing account involves a New York resident who, prompted by a suspicious activity alert, inadvertently fell prey to a scammer masquerading as a Citibank representative. 

A computer screen showing many lines of code running across it.

Markus Spiske/Unsplash

Despite immediate attempts to rectify the situation, she incurred a staggering loss of $35,000. The absence of a meaningful response or reimbursement from Citibank deepens the sense of despair woven into her unfortunate story.

Citibank Customer is Dismissed After Reporting Fraud

In another instance, a customer reported dubious transactions totaling $70,000 to her local branch, only to face dismissal from her local branch. 

A woman holds an iPhone to her ear and faces away from the viewer.

Taylor Grote/Unsplash

Her worst fears later materialized as her account fell victim to compromise. These narratives reveal a disconcerting reality: individuals who, conscientiously acting on their instincts to safeguard their financial assets, find themselves abandoned and unsupported by Citibank.

What the Lawsuit Against Citibank Argues

The lawsuit contends that Citibank has not implemented sufficiently robust data security measures to protect consumer financial accounts, highlighting a stark contrast between the bank’s security promises and its actual implementation. 

Letitia James speaking at a podium in the street in New York City.

Alec Perkins/Wikimedia Commons

This alleged negligence has not only led to significant financial losses for citizens but has also eroded the trust upon which the banking sector heavily relies.

What Citibank Has to Say

Despite these allegations, Citibank asserts the effectiveness of its security protocols and refund policies, emphasizing compliance with wire transfer laws and regulations and a commitment to fraud prevention. 

People walk on the sidewalk in front of a Citibank branch.

Source: TonyTheTiger/Wikimedia Commons

Citi acknowledges the industry-wide challenge of wire fraud and details efforts to enhance client security through advanced protocols and educational initiatives on scam awareness.


What About the Electronic Fund Transfer Act?

However, the Attorney General’s lawsuit argues that, under the Electronic Fund Transfer Act (EFTA), banks like Citibank are obligated to reimburse customers for unauthorized transactions, underlining a clear legal responsibility that goes beyond stated policies.

A close-up of a person’s hand pressing a button on an ATM keyboard.

Eduardo Soares/Unsplash

The EFTA, commonly referred to as Regulation E, stands as a pivotal federal law designed to protect consumers engaged in various electronic fund transfer activities. Encompassing transactions such as debit card usage, ATM cash withdrawals, and receipt of direct deposits, the EFTA establishes a framework to ensure the security and rights of individuals participating in these financial transactions.


Lawsuit Seeks Restitution and Stricter Consumer Protection

As the legal battle unfolds, the implications for Citibank and its customers are significant. 

A close-up of a person’s hands counting out US bills.

Source: Igal Ness/Unsplash

The lawsuit not only seeks restitution for affected individuals but also aims to enforce stricter consumer protection measures, placing the onus on financial institutions to secure their clients’ assets against evolving threats.


A Stark Reminder About Digital Security Practices

This case serves as a crucial reminder of the necessity for robust digital security practices to protect financial integrity. For Citibank, it represents an opportunity to reevaluate and fortify its defenses, rebuilding trust in its capacity to safeguard customers in an increasingly digital landscape.

A man sits wearing headphones and glasses in a dimly lit room. Before him are two computer monitors and a laptop.

Jefferson Santos/Unsplash

As the narrative unfolds, attention will be focused on the lawsuit’s outcome and its potential to reshape the consumer banking security landscape. While justice may be on the horizon for scam victims, the scars left by these breaches of trust will inevitably take time to heal. Now, let’s take a quick look at three of the largest data breaches of all time.


CAM4 Data Breach

In March 2020, the adult video streaming website CAM4 experienced a severe data breach, exposing a staggering 10.88 billion records. 

CAM4 website logo, showing “CAM” written in black letters with the numeral “4” directly following in orange.

Rocklandderek/Wikimedia Commons

This breach compromised sensitive information, including full names, email addresses, sexual orientation, chat transcripts, and more. The breadth of the exposed data poses significant risks, potentially leading to blackmail and defamation attempts against affected individuals.


Yahoo! Data Breach

In 2017, Yahoo! disclosed a major data breach that originally occurred in August 2013, impacting 1 billion user accounts. 

The Yahoo! Headquarters building in Sunnyvale, California photographed in daytime.

Coolcaesar/Wikimedia Commons

The compromised data included security questions and answers, significantly elevating the risk of identity theft. By October 2017, Yahoo! revised its estimate, revealing that a total of 3 billion user accounts were compromised in what became one of the largest data breaches in history.


Aadhaar Data Breach

In March 2018, the Aadhaar database, recognized as the world’s largest biometric database, fell victim to a significant data leak

An Aadhaar logo on a glass door in Bhopal, India.

Suyash.dwivedi/Wikimedia Commons

This breach exposed the personal details of a staggering 1.1 billion people in India, raising critical concerns about privacy and security for individuals enrolled in the Aadhaar system. The scale of this breach underscored the challenges associated with safeguarding extensive biometric data.