Two years after the attack on Tesco Bank, which resulted in the online theft £2.26 million from 9.000 customers, the survey found. Along with the finding, the bank was fined (over £16.4 million) for failing to protect its customers.
The audits were carried out by the Financial Conduct Authority (FCA) and the concluded (PDF) that the bank should pay a fine of 16,4 million pounds because it failed to "exercise the necessary actions, and show the necessary care and diligence" to protect account holders from cyber attacks.
The identities of the hackers were not disclosed but according to the report published by the FCA they managed to obtain over £2 million within 48 hours in November 2016.
The attack began at 2:00 a.m. on Saturday, November 5, 2016, and by 04:00 a.m., Tesco Bank's fraud detection system had begun automatically sending text messages to holders of the bank's current accounts, urging them to be alert to "suspicious activity." »In their accounts. This is how the bank learned about the attack…
As calls grew rapidly, Tesco Bank's controls managed to stop almost 80% of unauthorized transactions. But the attack had already hit 8.261 from the 131.000 bank customers.
The attackers allegedly used an algorithm which generated authentic Tesco Bank debit card numbers and using these dummy cards, were making thousands of unauthorized transactions.
The FCA said the incident was due to the way Tesco Bank distributed debit card numbers, but also mistakes made in the reaction when they became aware of the attack. But the poor design of Tesco Bank's debit cards played a major role in finding loopholes security.
Also according to the FCA, it took 21 hours after the attack began for Tesco Bank's security team to be notified. Throughout this period, illegal trading continued.
____________________________
- Google Chrome 69 comes and brings problems for Flash
- Debian 9.5: Available the fifth point release of Stretch
- MX Linux 17 x64 Custom ISO from iGuRu.gr
