Quantcast

Conn. AG reaches $55,000 settlement with Citibank

LEGAL NEWSLINE

Saturday, December 21, 2024

Conn. AG reaches $55,000 settlement with Citibank

Jepsen

HARTFORD, Conn. (Legal Newsline) -- Connecticut Attorney General George Jepsen announced Thursday a $55,000 settlement with Citibank N.A., resolving allegations of a faulty data security system that allowed hackers to access user accounts.



Jepsen worked with California Attorney General Kamala Harris' office to look into a known technical vulnerability in Citibank's Account Online web-based service that allegedly let hackers access multiple user accounts. The hackers accessed account information for more than 360,000 Citibank customers, including approximately 5,066 Connecticut residents.


Citibank allegedly knew about the vulnerability when the breach occurred on May 10, 2011, but the company failed to permanently fix the issue until May 27, 2011.


Citibank did not notify affected customers until June 3, 2011.


"Citibank represented to its customers that its online system was secured, but ultimately the techniques hackers used to obtain individual account information were relatively simple and unsophisticated," Jepsen said in a statement.


"This settlement not only ensures that Citibank will be responsive to its customers should this system experience a breach in the future, it also requires the company to review and audit its security protocols."


Under the terms of the proposed settlement, Citibank will pay $15,000 in civil penalties to the state's Privacy Protection Guaranty and Enforcement Account and $40,000 to the state's General Fund to resolve allegations of Connecticut Unfair Trade Practices Act violations.


Citibank also must hire an independent third party to conduct an information security audit of its Account Online and report a detailed summary of the findings to Jepsen's office.


Citibank must maintain reasonable security practices to protect vulnerabilities in the future and must provide appropriate notice and free credit monitoring for two years to individuals affected by certain future security incidents involving Account Online.


Jepsen thanked Harris and her staff for their partnership on this case.


The settlement is still awaiting court approval.

More News