Two years after an attack on Tesco Bank, which resulted in £2.26 million being stolen online from 9.000 customers, comes the investigation's conclusion. Along with the finding, the imposition of a fine on bank (over £16.4 million) because it failed to protect its customers.
The audits were carried out by the Financial Conduct Authority (FCA) and the concluded (PDF) that the bank will have to pay a fine of £16,4 million because it failed to "take the necessary steps, and exercise the necessary care and diligence" to protect account holders from attacks in cyberspace.
The identities of the hackers were not revealed, but according to the report published by the FCA they managed to gain more than £ 2 millions in 48 hours in November of 2016.
The attack began at 2:00 a.m. on Saturday, November 5, 2016, and by 04:00 a.m., Tesco Bank's fraud detection system had begun automatically sending text messages to holders of the bank's current accounts, urging them to be alert to "suspicious activity." »In their accounts. This is how the bank learned about the attack…
As they are calls increased rapidly Tesco Bank controls managed to stop almost 80% of unauthorized transactions. But the attack had already affected 8.261 of the bank's 131.000 customers.
Attackers allegedly used an algorithm that created authentic Tesco Bank debit cards and using these virtual cards, thousands of unauthorized transactions were made.
The FCA said the incident was due to the way Tesco Bank distributed debit card numbers, but also mistakes made in the reaction when they became aware of the attack. But the poor design of Tesco Bank's debit cards played a major role in finding loopholes security.
Also according to the FCA, it took 21 hours after the attack began for Tesco Bank's security team to be notified. Throughout this period, illegal trading continued.
____________________________
- Google Chrome 69 comes and brings problems for Flash
- Debian 9.5: Available the fifth point release of Stretch
- MX Linux 17 x64 Custom ISO from iGuRu.gr