Securing business data

News Article

Tesco Bank Fined £16.4 Million Over Cyber Attack

by Giulia Foss | 02 Oct 2018


In 2016, Tesco Bank suffered a crippling cyber attack that left thousands of customers unable to make online transactions for 48 hours. During the attack, £2.5 million in cash was fraudulently removed from accounts. Tesco were forced to immediately pay out this figure to cover the loss that customers had suffered as a result.

Every little could have helped…

Many people were left wondering how a corporation such as Tesco could fall victim to such a serious breach. The reality was that Tesco had deficient systems in place, ultimately leading to a vulnerability that was readily exploited by criminals. When the Financial Conduct Authority (FCA) looked into the attack in more depth, they were able to discern that the perpetrators “exploited deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its financial crime operations team”.

The FCA stated that the bank had failed to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack.

It was these findings that led the FCA to fine the bank a huge £16.5 million.

Mark Steward, executive director of enforcement and market oversight at the FCA, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks. In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.”

Steward went on to say: “Banks must ensure that their financial crime systems and the individuals who design and operate them work to substantially reduce the risk of such attacks occurring in the first place. The standard is one of resilience, reducing the risk of a successful cyber-attack occurring in the first place, not only reacting to an attack.”

Making some change!

Understanding the ever-evolving threat landscape is crucial to protecting business data. With the growing sophistication and determination of hackers and an increasingly shallow IT security talent pool, businesses must start looking outside of their own IT departments to mitigate the security risk – this is where Managed Security Services (MSS) can help.

Why should you consider Managed Security Services?

  1. Delivering speed to value: An in-house security operations centre can take a long time to establish and be costly for businesses. Speed to value is just one reason why an increasing number of organisations of all sizes are exploring MSS.

  2. Trusted cyber intelligence: Most organisations don’t have the infrastructure or resources to stay ahead of attackers. MSS can put data in context for your business, with an effective 24/7/365 focus.

  3. Continuous compliance: Handling the increasing number of compliance audits is an arduous and complex task. MSS providers offer a continuous compliance service and can offer best practice advice and guidance to businesses.
