Watchdog fines bank £16m after cyberattack
TESCO Bank has been fined £16.4m over a cyberattack which allowed criminals to steal millions of pounds from its customers.
The fine is the first of its kind issued by the Financial Conduct Authority watchdog (FCA) and follows a 2016 hack which affected 8,261 customers.
Crooks from Brazil were able to use a flaw in Tesco’s systems to copy customers’ bank cards and make 80,000 fake contactless payments – netting a haul of £2.3m.
Enforcement director Mark Steward said: ‘The FCA has no tolerance for banks that fail to protect customers from foreseeable risks.
‘The attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late.’ Tesco Bank moved quickly to refund everyone who had lost money and also paid several customers who were badly treated.
Chief executive Gary Mellon said yesterday: ‘We are very sorry for the impact that this fraud attack had on our customers. our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.’