Tesco Bank Fined £16.4m For Exposing Customers

Uploaded on 2018-10-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Financial

Tesco Bank has agreed to pay £16.4m as part of a settlement with the Financial Conduct Authority following a cyber-attack in 2016.Tesco said the attack did not involve the theft or loss of any customers’ data, but led to 34 transactions in which funds were debited from accounts, and other customers having normal service disrupted.

The FCA said the fraud netted cyber-attackers £2.26m, exploiting “deficiencies” in Tesco Bank’s design of its debit card, its financial crime controls and in its financial crime operations team.

But it added that, following the attack, Tesco Bank immediately put in place a “comprehensive redress” programme and devoted significant resources to improving the deficiencies that left the bank vulnerable to the attack. Had Tesco Bank not provided a high level of cooperation to the FCA and agreed to an early settlement, the watchdog would have fined the lender £33.56m.

The Tesco Bank chief executive, Gerry Mallon, said: “We are very sorry for the impact that this fraud attack had on our customers. Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.
“We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection. I apologise to our customers for the inconvenience caused in 2016.”

Mark Steward, the executive director of enforcement and market oversight at the FCA, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.

“Banks must ensure that their financial crime systems and the individuals who design and operate them work to substantially reduce the risk of such attacks occurring in the first place.

“The standard is one of resilience, reducing the risk of a successful cyber-attack occurring in the first place, not only reacting to an attack.”

Guardian:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

British Airways Faces £Multimillion Fine:

ICO Fine Facebook Half A Million Pounds:

 

 

« How To Hack the Hackers: The Human Side Of Cybercrime
The Image Of Julian Assange Grows Darker »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

Proofpoint

Proofpoint

Proofpoint provide the most effective cybersecurity and compliance solutions to protect people on every channel including email, the web, the cloud, social media and mobile messaging.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

CyberRisk Alliance (CRA)

CyberRisk Alliance (CRA)

CyberRisk Alliance is a business intelligence company created to serve the rapidly evolving cybersecurity and information risk management marketplace.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.

AUCyber

AUCyber

AUCyber is a leading provider of managed cyber security solutions and consultancy services, specialising in supporting Australian organisations and Government agencies.

UKON

UKON

UKON is the free cyber insurance marketplace for MSPs, agencies and partners to turn risk into revenue.