Tesco is set to be slapped with a record fine of up to £30 million over a cyber attack that took place in 2016.
The grocer’s banking arm fell victim to a sustained cyber attack in November 2016, which saw criminals access around 9000 people’s savings and led Tesco to pay back around £2.5 million.
According to Sky News, the Financial Conduct Authority (FCA) is now considering imposing a record fine on the retailer for the heist, which was described at the time as “unprecedented”.
Although the initial attack was thought to have compromised over 50,000 customers’ accounts, the eventual number is understood to have been around 50.
The FCA’s investigation sought to establish whether customers were left exposed by Tesco Bank after it issued sequential debit card numbers, a practice avoided by other banks as it makes it easier for hackers to guess expiry dates and security codes.
This will mark the first time the FCA has issued such a significant fine on a financial institution for a cyberattack.
Last year the regulator’s director of supervision voiced concerns that banks were “materially under-reporting” cyberattacks.
Since Tesco’s attack in 2016, cybercriminals have ramped up their attacks on both financial institutions and retailers, leading companies to invest billions in their defences and regulators to grant them far less leeway.