
Tesco Bank Faces Massive Fine Over 2016 Cyber Attack

Dominique Adams



The Financial Conduct Authority has warned the bank that it could face a fine of more than £30 million over the 2016 cyberattack, in which criminals attempted to steal cash from its customers. 

Tesco Bank suffered a serious cyberattack in November 2016, which forced the bank to suspend all online transactions after it became aware of hackers trying to access its services.

While no customer data was compromised, the cyber criminals did steal some customers’ life savings. Initially, the bank estimated that 40,000 of its 7.8 million customers had their savings stolen. However, the bank subsequently downgraded that figure to 20,000 and then later to 50. All were refunded within days.

Sky News has reported that the Financial Conduct Authority (FCA) has warned Tesco that it is considering imposing one of the largest-ever cyber-attack-related fines.

A legal source has revealed that, on Monday, the bank was contesting the size of the fine and was in active negotiations with the FCA about it. The insider said that a “substantially lower” figure could be negotiated and agreed upon but noted there was no guarantee the matter would be resolved quickly – the bank hopes to lower the fine to under £20m.

Proposed Fine Could Send Shockwaves Across the Industry

Given the limited extent of the attack and that so few customers were affected, the fine proposed by the FCA is likely to cause concern in bank boardrooms. The proposed decision could signal a much harsher stance, and suggests that the biggest banks could, in future, face much more substantial fines if they fall victim to cyber attacks.

One bank executive commented that such a large fine could send a negative message to the UK’s challenger banks, which are crucial to fostering competition across the UK’s banking market.

Furthermore, the hefty fine makes the recent fine handed down by the Information Commissioner’s Office (ICO) to Equifax look disproportionate by comparison. However, the Equifax fine was the highest that could be issued under the old data protection law, and was for the loss of customer data rather than customer money.

The negotiations come swiftly on the heels of several banking IT failures and cyber attacks. Most recently, the Royal Bank of Scotland’s NatWest suffered IT outages. Nicky Morgan, the Conservative MP who chairs the Treasury Select Committee, said the problems were “yet another addition to the litany of failures of banking IT systems”.


Dominique Adams

Staff Writer, DIGIT
