Tesco Bank faces £30m fine for cyber attack
TESCO Bank has been threatened with a £30 million fine following an “unprecedented and serious” cyber attack that affected thousands of customers two years ago, it was reported last night.
The Financial Conduct Authority (FCA) has discussed the penalty, although a final figure, which could be lower, will be agreed in the next few weeks.
The cyber attack on Tesco Bank saw money stolen from 20,000 accounts, plunging the lender into chaos and forcing it to shut down online transactions for two days in 2016.
Tesco Bank could be hit with a penalty over and above the cost of refunding affected customers and any other compensation, sources told Sky News.
At the time of the attack, customers complained they were kept on hold for hours and received no communication from Tesco Bank despite losing hundreds of pounds after the attack paralysed the bank’s IT systems.
The Daily Telegraph reported that a multi-million-pound fine was probable if regulators found that failures in Tesco Bank’s systems and controls contributed to the incident.
Giving evidence to the Commons Treasury select committee, Andrew Bailey, the FCA chief executive, labelled the attack “unprecedented” and “serious” and said banking communication regarding outages was “not transparent enough” for customers.
Tesco is not the only bank to face such a fine. In 2014 the FCA and the Bank of England’s Prudential Regulation Authority fined Royal Bank of Scotland a combined £56 million after a computer systems failure lasting a number of weeks affected 6.5 million customers.
Last week, Equifax was fined £500,000 for a data breach involving 15 million UK customers.
The FCA and Tesco Bank have declined to comment.