Two years after the attack on Tesco Bank, which resulted in the online theft of 2.26 million pounds from 9.000 customers, the survey came out. Together with the statement was also announced the imposition of a fine on the bank (over 16.4 million) because it was unable to protect its clients.
The checks were carried out by Financial Conduct Authority (FCA) and concluded (PDF) that the bank will have to pay a fine of £16,4 million because it failed to "take the required actions, and show the required caution and diligence” to protect account holders from cyber attacks.
Their identities hacker were not disclosed but according to the report published by the FCA they managed to acquire over £2 million within 48 hours in November 2016.
The attack began at 2:00 a.m. on Saturday, November 5, 2016, and by 04:00 a.m., Tesco Bank's fraud detection system had begun automatically sending text messages to holders of the bank's current accounts, urging them to be alert to "suspicious activity." »In their accounts. This is how the bank learned about the attack…
As calls grew rapidly, Tesco Bank's controls managed to stop almost 80% of unauthorized transactions. But the attack had already hit 8.261 from the 131.000 bank customers.
Attackers allegedly used an algorithm that created authentic Tesco Bank debit cards and using these virtual cards, thousands of unauthorized transactions were made.
The FCA said this was due to the way Tesco Bank distributed debit card numbers, but also Mistakes made in reaction when they perceived the attack. But the poor design of Tesco Bank's debit cards played a major role in finding security holes.
Also according to the FCA, it took 21 hours after the attack began for Tesco Bank's security team to be notified. Throughout this period, illegal trading continued.
____________________________
- Google Chrome 69 comes and brings problems for Flash
- Debian 9.5: Available the fifth point release of Stretch
- MX Linux 17 x64 Custom ISO from iGuRu.gr