Tesco Bank cyber attack: a lesson in data protection for the wider industry

531 Views

Following the news this morning that Tesco Bank has reached a settlement with the FCA to pay £16.4million fine following the cyber fraud attack that took place in 2016, Paul Farrington, Director EMEA & APAC at CA Veracode, made the following comment :

“We commend the FCA for its actions today related to the 2016 Tesco Bank cyber-attack. While the vulnerability exploited in this breach is still a common occurrence, it is clear financial penalties for non-compliance and deficiencies will be increasing in the future. The fraud netted cyber attackers £2.26 million in this instance.  

 The Tesco attack happened prior to the implementation of new data protection regulations like GDPR, therefore the regulators took appropriate action under the mandate they were able to operate in. This penalty is a reminder of how critical it is that organisations consider their vulnerabilities and limit their exposure to fines. Financial losses due to non-compliance have the potential to outstrip what it would have cost to mitigate against a breach in the first place. 

 There will be tougher penalties in the future, and UK businesses must reassess their IT infrastructure and secure their software, web applications and networks to help protect sensitive data and ensure compliance.”