Tesco Bank Fined £16.4m For Exposing Customers

Uploaded on 2018-10-02 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Financial

Tesco Bank has agreed to pay £16.4m as part of a settlement with the Financial Conduct Authority following a cyber-attack in 2016.Tesco said the attack did not involve the theft or loss of any customers’ data, but led to 34 transactions in which funds were debited from accounts, and other customers having normal service disrupted.

The FCA said the fraud netted cyber-attackers £2.26m, exploiting “deficiencies” in Tesco Bank’s design of its debit card, its financial crime controls and in its financial crime operations team.

But it added that, following the attack, Tesco Bank immediately put in place a “comprehensive redress” programme and devoted significant resources to improving the deficiencies that left the bank vulnerable to the attack. Had Tesco Bank not provided a high level of cooperation to the FCA and agreed to an early settlement, the watchdog would have fined the lender £33.56m.

The Tesco Bank chief executive, Gerry Mallon, said: “We are very sorry for the impact that this fraud attack had on our customers. Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.
“We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection. I apologise to our customers for the inconvenience caused in 2016.”

Mark Steward, the executive director of enforcement and market oversight at the FCA, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.

“Banks must ensure that their financial crime systems and the individuals who design and operate them work to substantially reduce the risk of such attacks occurring in the first place.

“The standard is one of resilience, reducing the risk of a successful cyber-attack occurring in the first place, not only reacting to an attack.”

Guardian:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

British Airways Faces £Multimillion Fine:

ICO Fine Facebook Half A Million Pounds:

 

 

« How To Hack the Hackers: The Human Side Of Cybercrime
The Image Of Julian Assange Grows Darker »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Tymlez Software & Consulting

Tymlez Software & Consulting

Tymlez Software and Consulting is a start-up specialised in blockchain technology for enterprises.

Cyscale

Cyscale

Cyscale is a consultancy and development agency helping Enterprises adopt and migrate to the Cloud by providing an Automated Cloud Security Platform.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Ward Solutions

Ward Solutions

Ward Solutions are an information security consultancy and managed services company. We help organisations protect their brand, people, assets, intellectual property and profits.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Alpha Mountain AI (alphaMountain)

Alpha Mountain AI (alphaMountain)

alphaMountain provides up-to-date domain and IP intelligence for cybersecurity investigational and protection platforms.

HackersEra

HackersEra

HackersEra is a leading offensive cybersecurity service provider. We enable our clients to operate in a more secure environment efficiently and produce more value.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Threatsys Technologies

Threatsys Technologies

Threatsys’s Integrated cyber security process helps your organizations to ensure that it’s secure from any fraudulent attacks.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.