Tesco Bank was fined £16.4m by the City watchdog over a cyber-attack it suffered that netted cyber criminals £2.26m.
The Financial Conduct Authority (FCA) said deficiencies at the bank had left account holders vulnerable to the incident. The bank had received a specific warning that was not properly addressed until the attack had started and the response was “too little, too late”.
This is the first time the FCA has issued a fine for a cyber-related incident.
Tesco Bank said that since the incident in November 2016 it had “significantly enhanced” security measures, and apologised to customers.
Mark Steward, executive director of enforcement and market oversight at the FCA, said the fine “reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks”. Banks must ensure resilience against such crime, reducing the risk of a cyber attack occurring in the first place, not only reacting to an attack.
Tesco Bank said the cyber attack in 2016 did not involve the theft or loss of any customers’ data but led to 34 transactions where funds were debited from customers’ accounts, and other customers having normal service disrupted.
The bank’s chief executive Gerry Mallon said: “We are very sorry for the impact that this fraud attack had on our customers.”
Banks and other financial institutions must learn that it’s cheaper to build proper protection than to wait for a catastrophe to happen.