Tesco Bank Fined £16.4m For Exposing Customers

Uploaded on 2018-10-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Financial

Tesco Bank has agreed to pay £16.4m as part of a settlement with the Financial Conduct Authority following a cyber-attack in 2016.Tesco said the attack did not involve the theft or loss of any customers’ data, but led to 34 transactions in which funds were debited from accounts, and other customers having normal service disrupted.

The FCA said the fraud netted cyber-attackers £2.26m, exploiting “deficiencies” in Tesco Bank’s design of its debit card, its financial crime controls and in its financial crime operations team.

But it added that, following the attack, Tesco Bank immediately put in place a “comprehensive redress” programme and devoted significant resources to improving the deficiencies that left the bank vulnerable to the attack. Had Tesco Bank not provided a high level of cooperation to the FCA and agreed to an early settlement, the watchdog would have fined the lender £33.56m.

The Tesco Bank chief executive, Gerry Mallon, said: “We are very sorry for the impact that this fraud attack had on our customers. Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.
“We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection. I apologise to our customers for the inconvenience caused in 2016.”

Mark Steward, the executive director of enforcement and market oversight at the FCA, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.

“Banks must ensure that their financial crime systems and the individuals who design and operate them work to substantially reduce the risk of such attacks occurring in the first place.

“The standard is one of resilience, reducing the risk of a successful cyber-attack occurring in the first place, not only reacting to an attack.”

Guardian:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

British Airways Faces £Multimillion Fine:

ICO Fine Facebook Half A Million Pounds:

 

 

« How To Hack the Hackers: The Human Side Of Cybercrime
The Image Of Julian Assange Grows Darker »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

Cybertonica

Cybertonica

Cybertonica is a FinTech company which detects and prevents fraudulent transactions and reduces risk for financial services organisations.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Dynamic Quest

Dynamic Quest

Dynamic Quest is a managed IT, cloud and security services companies, providing a comprehensive range of technology services including cybersecurity, backup and disaster recovery.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

Operational Systems (OpSys)

Operational Systems (OpSys)

OpSys is a leading Managed IT and Cyber Security provider protecting the critical elements of businesses across the globe.