Tesco Bank suffered a serious cyberattack in November 2016, which forced the bank to suspend all online transactions after it became aware of hackers trying to access its services.
While no customer data was compromised the cyber criminals did steal some customers’ life savings. Initially, the bank estimated that 40,000 of its 7.8 million customers had their savings stolen. However, the bank subsequently downgraded that figure to 20,000 and then later to 50. All were refunded within days.
Sky News has reported that the Financial Conduct Authority (FCA) has warned Tesco that it is considering imposing one of the largest-ever cyber attack related fines.
A legal source has revealed that, on Monday, the bank was contesting the size of fine and was in active negotiations with the FCA about it. The insider said that a “substantially lower” figure could be negotiated and agreed upon but noted there was no guarantee the matter would be resolved quickly – the bank hopes to lower the fine to under £20m.
Proposed Fine Could Send Shockwaves Across the Industry
Given the limited extent of the attack and that so few customers were affected, the proposed fine by the FCA is likely to cause concern in bank boardrooms. The proposed decision by the FCA could signal a much harsher stance, and suggests that the biggest banks could, in future, face much more substantial fines if they fall victim to cyber attacks.
One bank executive commented that such a large fine could send a negative message to the UK’s challenger banks, which are crucial to fostering competition across the UK’s banking market.
Furthermore, the hefty fine makes the recent fine handed down by the Information Commissioner’s Office (ICO) to Equifax disproportionate. However, this was the highest fine that could be issued under the old data protection law and was for the loss of customer data rather than customer money.
The negotiations come swiftly on the heels of several banking IT failures and cyber attacks. Most recently, the Royal Bank of Scotland’s NatWest suffered IT outages. Nicky Morgan, the Conservative MP who chairs the Treasury Select Committee, said the problems were “yet another addition to the litany of failures of banking IT systems”.