Tesco cyber-attack leads to $21mn settlement in UK

Bloomberg

The UK financial regulator fined Tesco Plc’s banking arm $21 million for failures that allowed cyber attackers to steal funds.
The 48-hour hack in November 2016 was “largely avoidable” and took place because the thieves took advantage of weaknesses in the design of the bank’s debit card, its financial-crime controls and its so-called Financial Crime Operations Team, netting the criminals 2.3 million pounds, the Financial Conduct Authority said.
“The attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started,” said Mark Steward, FCA executive director of enforcement and market oversight.
“This was too little, too late. Customers should not have been exposed to the risk at all.”
Tesco Bank immediately tried to remedy the problems and provide redress, devoting significant resources to the problems, the FCA said. It also cooperated with the regulator, receiving a 30 percent credit for mitigation and qualified for a discount because it agreed to settle the matter early, the FCA said.
Tesco Bank Chief Executive Officer Gerry Mallon apologised for the inconvenience caused to customers.
“We are very sorry for the impact that this fraud attack had on our customers,” Mallon said. “Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.
We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection.”
Tesco shares were little changed at 239.30 pence in London. They’ve risen 14 percent this year.

Leave a Reply

Send this to a friend