Tesco Bank Suffer Data Breach


Over the first weekend of November 2016, Tesco Bank saw its systems hacked into, with a reported 40,000 fraudulent transactions taking place.

Chief Executive of Tesco Bank, Benny Higgins, blamed “a systematic, sophisticated attack” for the money fraudulently taken from customers’ bank accounts.

Tesco were quick to confirm that fewer than half of the 40,000 accounts had funds withdrawn, and that the amounts taken from customers were ‘relatively small’. From the bank’s point of view, this was positive news – but the same couldn’t be said for customers who had hundreds – or on some occasions even thousands – of pounds swiped from their accounts.

While the incident was initially being investigated, the bank temporarily stopped its customers from making online payments, although they could still use their cards in-store and at cash points.

Tesco reassured customers that all money would be refunded as a matter of urgency. The bank were true to their word, with £2.5m refunded to the 9,000 hacked customers by the end of Tuesday 8th November. Higgins told the BBC, “we’ve now refunded all customer accounts by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal.”

He continued, “we’d also like to reassure our customers that none of their personal data has been compromised. We’d again like to apologise for the worry and inconvenience this issue has caused.”

It’s been reported that Tesco could subsequently be hit with a multi-million pound fine by City regulators in the wake of the breach. Should regulators find that failures in the bank’s systems and controls contributed to the cyber-attack, the lender could be hit with a damaging financial penalty – on top of the cost of refunding customers and any other necessary compensation.

Cyber-security experts confirmed that the scale of this attack was unheard of in UK banking. As David Emm, a senior researcher at security software firm Kaspersky, put it, “this is the biggest incident that I can think of in banking terms. I can’t think of banking activity being suspended before.”

Although the attack has been quickly resolved by the bank, it’s proof that any business can be the target of a cyber attacker. It’s imperative that organisations stay alert and one step ahead of the criminals, whose sole aim is to steal sensitive data and funds.
