, ,

Tesco fined over £16 million following cyberattack


Tesco Bank has been fined a whopping £16.4m fine following a cyber-attack. The incident, which took place in November 2016, resulted in cybercriminals stealing £2.26m from 9,000 people.

Following an investigation into the data breach, the Financial Conduct Authority (FCA) has now penalised Tesco for the ‘avoidable’ cyber-attack.

This is the first time that the FCA has issued a fine against a company for online fraud.

If you have suffered damage or distress caused by Tesco’s failings you might be able to claim compensation.

What happened in the Tesco data breach?

In 2016, Tesco suffered an “unprecedented” attack on its online accounts. During this attack cyber-criminals used an algorithm to generate authentic Tesco Bank debit card numbers and then, using those “virtual cards”, they carried out thousands of unauthorised debit card transactions.

Altogether, fraudsters stole a total of £2.26million.

What was the result of the Tesco data breach Investigation?

While Tesco was a victim of the cyber-attack, the FCA investigation has revealed that the attackers were able to exploit “deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team to carry out the attack”. As a result, these deficiencies left Tesco personal current account holders vulnerable.

The FCA also listed a catalogue of errors at the bank, including:

  • Not taking appropriate action to prevent the fraud from happening in the first place
  • Not responding to the attack with sufficient “rigour, skill and urgency”
  • Making a number of mistakes when dealing with the crisis
  • Ignoring warnings.

According to a spokesperson at the FCA, “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started.

“This was too little, too late. Customers should not have been exposed to the risk at all.”

What should you do now?

While Tesco has refunded customers for any financial losses, if you have suffered damage or distress caused by its failings, you may be able to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

In this case, some victims were unable to access their funds when they needed them most, so were unable to pay for essentials such as food.

Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So you should seek compensation for a failure to look after your information correctly.

At Hayes Connor Solicitors, we are considering launching a group action to help victims of the Tesco data breach to claim compensation. If we believe you have a substantial group action case we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.