Tesco Bank Suffer Data Breach

Over the first weekend of November 2016, Tesco Bank saw its systems hacked into, with a reported 40,000 fraudulent transactions taking place.

Chief Executive of Tesco Bank, Benny Higgins, blamed “a systematic, sophisticated attack” for the money fraudulently taken from customer’s bank accounts.

Tesco were quick to confirm that fewer than half of the 40,000 accounts had funds withdrawn, and that the amounts taken from customers were ‘relatively small’. From the bank’s point of view, this was positive news – but the same couldn’t be said for customers who had hundreds – or on some occasions even thousands – of pounds swiped from their accounts.

While the incident was initially being investigated, the bank temporarily stopped their customers from being able to make online payments, but could use their cards in-store and at cash points.

Tesco reassured customers that all money would be refunded as a matter of urgency. The bank were true to their word, with £2.5m refunded to the 9,000 hacked customers by the end of Tuesday 8th November. Higgins told the BBC, “we’ve now refunded all customer accounts by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal.”

He continued, “we’d also like to reassure our customers that none of their personal data has been compromised. We’d again like to apologise for the worry and inconvenience this issue has caused.”

What went wrong at Tesco Bank? >>

It’s been reported that Tesco could subsequently be hit with a multi-million pound fine by City regulators in the wake of the breach. Should regulators find that failures in the bank’s systems and controls contributed to the cyber-attack, the lender could be hit with a damaging financial penalty – on top of the cost of refunding customers and any other necessary compensation.

Cyber-security experts confirmed that the scale of this attack was unheard of in UK banking, as David Emm, a senior researcher at security software firm Kaspersky, confirmed, “this is the biggest incident that I can think of in banking terms. I can’t think of banking activity being suspended before.”

How you can protect your bank account >>

Although the attack has been quickly resolved by the bank, it’s proof that any business can be the target of a cyber attacker. It’s imperative that organisations stay alert and one step ahead of the criminals, whose sole aim is to steal sensitive data and funds.

Free Introduction to ISO 9001 course






start course

Related Articles

  • The Threat From Within

    Barely a day goes by without a big corporate falling victim to a hacking attempt. The online world we live in is full of opportunity, but also risk.

  • HSBC Suffer Cyber Attack

    HSBC, one of the world’s largest leading banking and financial services organisations, are the latest company to fall victim to a very public cyber attack.

  • The Ultimate Guide to ISO 27001

    We take you through what ISO 27001 is, how it works, the benefits and why the Information Security Management Standard is more popular than ever before.