BISCUIT SELLER Tesco, the supermarket chain that owns Tesco Bank, could face a hefty £30m fine over a cyberattack that took place in 2016.
The Tesco Bank mega-attack of November 2016 saw criminals access around 9,000 customers’ savings, with some reporting that as much as £2,000 was syphoned from their accounts. The “unprecedented” incident saw Tesco shut down online transactions for two days, and led to the company paying back around £2.5m to affected customers.
That might not be all the company has to cough up, as the Financial Conduct Authority (FCA) is threatening to fine Tesco Bank up to £30m, according to Sky News, the largest penalty it’s ever handed out.
This comes after an FCA probe looked into whether Tesco Bank had left its customers exposed to fraud because it had issued sequential debit-card numbers, a practice most lenders avoid as it makes it easier for hackers to guess expiry dates and security codes.
Tesco Bank has also been criticised for its response to the attack, with customers complaining that they were kept on hold for hours and received no communication from the company.
However, Tesco Bank is contesting the scale of the FCA’s proposed fine, according to a legal source speaking to Sky News, and is said to be in active negotiations with the watchdog.
A “substantially lower” sum could be agreed within the next few weeks, according to the source.
At the time of the attack, a data protection lawyer, who asked not to be named, told THE INQUIRER that Tesco, the supermarket chain that owns Tesco Bank, could have been facing a fine of £1.9bn for the hack if it had occurred under the EU’s General Data Protection Regulation.
At the time of the attack, the Information Commissioner’s Office confirmed it would also be investigating the firm.
“The law requires organisations to have appropriate measures in place to keep people’s personal data secure. Where there’s a suggestion that hasn’t happened, the ICO can investigate and enforce if necessary,” it said.
Source : Inquirer