Britain's financial and regulatory watchdog, the Financial Conduct Authority (FCA), has slapped Tesco Bank with a £16 million ($21.4 million) fine for the cyber-attack the bank suffered in 2016. According to the regulatory body, the bank failed to exercise due skill, care and diligence to protect its account holders from a foreseeable cyber-attack, which ran for over 48 hours in 2016. The regulatory body pointed out that hackers had exploited deficiencies in Tesco Bank’s design of its debit card and in its financial crime controls.
Nearly £2 million was stolen from nearly 9,000 customers using counterfeit cards, with nearly 40,000 accounts being compromised in the attack. As an immediate remedy, Tesco froze online transactions for its nearly 136,000 account holders, which left several customers unable to pay their bills.
“Those deficiencies left Tesco Bank’s personal current account holders vulnerable to a largely avoidable incident that occurred over 48 hours and which netted the cyber attackers 2.26 million pounds,” the FCA said in a statement.
The incident led to the FCA’s first ever fine for failing to safeguard cyber infrastructure. The fine is also meant to make other lenders more vigilant toward cyber-attacks and to treat them as a top priority. “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks,” said Mark Steward, executive director of enforcement and market oversight at the FCA. “In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.”
Tesco Bank once again apologized for the incident and agreed to pay the fine. “We are very sorry for the impact that this fraud attack had on our customers. Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice,” said Gerry Mallon, Tesco Bank chief executive. “We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection. I apologise to our customers for the inconvenience caused in 2016.”