Tesco Bank Fined £16.4m For Exposing Customers

Tesco Bank has agreed to pay £16.4m as part of a settlement with the Financial Conduct Authority following a cyber-attack in 2016.Tesco said the attack did not involve the theft or loss of any customers’ data, but led to 34 transactions in which funds were debited from accounts, and other customers having normal service disrupted.

The FCA said the fraud netted cyber-attackers £2.26m, exploiting “deficiencies” in Tesco Bank’s design of its debit card, its financial crime controls and in its financial crime operations team.

But it added that, following the attack, Tesco Bank immediately put in place a “comprehensive redress” programme and devoted significant resources to improving the deficiencies that left the bank vulnerable to the attack. Had Tesco Bank not provided a high level of cooperation to the FCA and agreed to an early settlement, the watchdog would have fined the lender £33.56m.

The Tesco Bank chief executive, Gerry Mallon, said: “We are very sorry for the impact that this fraud attack had on our customers. Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.
“We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection. I apologise to our customers for the inconvenience caused in 2016.”

Mark Steward, the executive director of enforcement and market oversight at the FCA, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.

“Banks must ensure that their financial crime systems and the individuals who design and operate them work to substantially reduce the risk of such attacks occurring in the first place.

“The standard is one of resilience, reducing the risk of a successful cyber-attack occurring in the first place, not only reacting to an attack.”

Guardian:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

British Airways Faces £Multimillion Fine:

ICO Fine Facebook Half A Million Pounds:

 

 

« How To Hack the Hackers: The Human Side Of Cybercrime
The Image Of Julian Assange Grows Darker »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Turkish Accreditation Agency (TURKAK)

Turkish Accreditation Agency (TURKAK)

TURKAK is the national accreditation body for Turkey. The directory of members provides details of organisations offering certification services for ISO 27001.

Cyber Wales

Cyber Wales

Cyber Wales provides a focus and forum for everyone in the industry, helping businesses come together and collaborate both within Wales and internationally.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Intercast Global

Intercast Global

Intercast's mission is to be a strategic resource to our clients in Risk Reduction. We are a global leader in cyber security staffing and consulting to the enterprise.

Vigilant Technology Solutions

Vigilant Technology Solutions

Vigilant is a global cyber security technology company offering solutions to manage entire IT & cyber security lifecycles.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.