City Bank Confirms Bug in Statement Portal, Assures No Financial Loss

City Bank has acknowledged a bug in its statement portal but assured that hackers were unable to cause any financial loss. The bank claims that a minor technical glitch, which posed no financial harm to the bank or its customers, has been exaggerated, leading to unwarranted negative publicity.

In a statement issued on Saturday, the bank emphasized, “We urge everyone to put an end to all rumors or conspiracies regarding this incident.” City Bank explained, “A few days ago, our statement portal experienced a glitch, which in IT terminology is referred to as a ‘system glitch’ or ‘bug.’ This portal, secured with two-factor authentication (2FA), is exclusively designed for customers to view account statements. It does not allow any financial transactions.”

The issue came to light on January 2 through a cybersecurity monitoring agency. According to City Bank, the glitch allowed hackers to access the statements (not the accounts) of only one or a negligible number of accounts. “For instance, if a user or hacker entered another customer’s account number while viewing their own statement, the system failed to send an OTP (One-Time Password) to the registered phone of the actual account holder,” the bank clarified. The issue was resolved immediately upon discovery.

“We promptly canceled all unauthorized sessions on the portal and rectified the bug. We have a dedicated real-time monitoring team for observing cybersecurity risks, which has since been restructured for enhanced vigilance,” the statement added.

Reassuring customers, City Bank stated, “All financial data with us remains completely secure. Hackers were unable to cause any financial loss. They only managed to access one or two customer account statements. None of our core banking systems were compromised, and no customer data has been sold on the dark web.”

The bank further assured that robust measures have been implemented to prevent any recurrence of such incidents.