NEWS

2 October 2018

FCA fines Tesco £16m for cyber breach

UK – The Financial Conduct Authority (FCA) has issued supermarket giant Tesco with a £16.4m fine for an ‘avoidable’ cyber attack.

This is the first time the FCA has penalised a company for online fraud.

The incident took place in November 2016, when it appears the criminals used an algorithm to generate authentic debit card numbers and then used those ‘virtual cards’ to make unauthorised transactions.

The FCA said the attackers “exploited deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team”.

As a result, Tesco Bank’s personal current account holders were vulnerable to a “largely avoidable incident” that took place over 48 hours and netted the attackers £2.26 million.

The FCA listed a catalogue of errors, including ignored warnings, but the incident did not involve the loss or theft of customers’ personal data.