Two years after the attack on her Tesco Bank, which resulted in the online theft £2.26 million from 9.000 customers, it found research. Along with the finding, the bank was fined (over £16.4m) for failing to protect its customers.
The audits were carried out by the Financial Conduct Authority (FCA) and the concluded (PDF) that the bank should pay a fine of 16,4 million pounds because it failed to "exercise the necessary actions, and show the necessary care and diligence" to protect account holders from cyber attacks.
The identities of the hackers were not disclosed but according to the report published by the FCA they managed to obtain over £2 million within 48 hours in November 2016.
The attack began at 2:00 a.m. on Saturday, November 5, 2016, and by 04:00 a.m., the detection system scamTesco Bank has started sending automated text messages to the bank's current account holders, asking them to watch out for "suspicious activity" on their accounts. This is how the bank found out about the attack...
As calls grew rapidly, Tesco Bank's controls managed to stop almost 80% of unauthorized transactions. But the attack had already hit 8.261 from the 131.000 bank customers.
Attackers allegedly used an algorithm that created authentic Tesco Bank debit cards and using these virtual cards, thousands of unauthorized transactions were made.
FCA said the fact is due to the way Tesco Bank distributes the debit card numbers, but also to mistakes made in the reaction when they realized the attack. But the bad design of Tesco Bank's debit cards played an important role in finding security gaps.
Also according to the FCA, it took 21 hours after the attack began for Tesco Bank's security team to be notified. Throughout this period, illegal trading continued.
____________________________
- Google Chrome 69 comes and brings problems for Flash
- Debian 9.5: Available the fifth point release of Stretch
- MX Linux 17 x64 Custom ISO from iGuRu.gr