Bank is fined by watchdog over cyber attack
TESCO BANK has been fined £16.4m by the City watchdog following a major cyber attack in 2016.
The Financial Conduct Authority (FCA) said the fine was due to Tesco Bank having failed to “exercise due skill, care and diligence in protecting its personal current account holders”.
The regulator said the attackers took advantages of “deficiencies” in the design of Tesco Bank’s debit card, as well as its financial crime controls and its financial crime operations team to carry out the hack.
It left Tesco Bank customers vulnerable to what the FCA said was a “largely avoidable incident” which saw cyber attackers net £2.26m during the 48-hour incident in November 2016.
Mark Steward, the FCA’s executive director of enforcement and market oversight, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.”
But the FCA said that, following the attack, Tesco Bank put in place a “comprehensive redress” programme and devoted significant resources to improving the deficiencies that left the bank vulnerable to the attack.
Had Tesco Bank not provided a high level of co-operation to the FCA and agreed to an early settlement, the watchdog would have fined the lender £33.56m. Tesco Bank chief executive Gerry Mallon said: “We are very sorry for the impact that this fraud attack had on our customers.”