Tesco Bank fined £16.4m by City watchdog for failing to protect customers from cyber attack
- FCA criticised Tesco Bank for leaving vulnerable customers open to a cyber attack which was ‘largely avoidable’
- Regulator said Tesco Bank failed to ‘exercise due skill, care and diligence’
- Tesco Bank dodged higher fine after it co-operated and agreed swift settlement
The City watchdog has fined Tesco Bank £16.4million after its failure to adequately protect customers resulted in them losing millions in a cyber attack.
Tesco Bank failed to ‘exercise due skill, care and diligence in protecting its personal current account holders’, according to the Financial Conduct Authority.
The FCA said it was a ‘largely avoidable incident’ which saw cyber attackers net £2.26million during a 48-hour period in November 2016.
The regulator said the attackers took advantage of ‘deficiencies’ in the design of Tesco Bank’s debit card, as well as in its financial crime controls and its financial crime operations team, to carry out the hack.
Mark Steward, the FCA’s executive director of enforcement and market oversight, said: ‘The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.
‘In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started.
‘This was too little, too late. Customers should not have been exposed to the risk at all.’
The FCA did acknowledge Tesco Bank’s efforts following the attack, when it immediately embarked on a ‘comprehensive redress’ programme and devoted significant resources to improving the deficiencies that left the bank vulnerable to the attack.
Tesco Bank’s co-operation and early settlement agreement saved it from a whopping £33.56million fine, the regulator added.
Tesco Bank chief executive Gerry Mallon said: ‘We are very sorry for the impact that this fraud attack had on our customers.
‘Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.
‘We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection.
‘I apologise to our customers for the inconvenience caused in 2016.’