
The National Cyber Security Centre (NCSC) has been engaged to help Tesco Bank with what has been described as the most serious cyber-attack launched against a UK bank.

The attack involved the theft of £2.5m from 9,000 customer accounts of the supermarket’s banking arm. The bank quickly reimbursed these funds, however. The organisation suspended online and contactless transactions from current accounts in the immediate wake of the breach. By the 8th November, a day after the attack, Tesco announced it was restoring normal service.

The bank manages a total of 136,000 current accounts, so suspending online and contactless transactions for the period of the attack may have lost the company a lot of money.

Ian Mann, chief executive of cyber-security service ECSC, says that the size of the breach indicates that it is likely that either Tesco’s internal systems or its mobile application have been hacked. He claimed that the method of access for its customers is ‘weak for this type of system’.

The exec added that: "Username is your email by default, and you only need digits from a numeric PIN. By requiring limited digits from the PIN on login, they make it virtually impossible to hash (encrypt) the PINs they have stored. This means a compromise of their customer database will reveal all logins and passwords to the attacker."
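Mann's point about partial-PIN logins, as an added example that is not from the article or from Tesco Bank: a hash of the whole PIN cannot be checked directly from three supplied digits, and the obvious workaround of hashing each position separately leaves only ten possible inputs per hash, so the stored records disclose the PIN. The six-digit PIN, the per-digit scheme, the work factor and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000        # assumed work factor, kept low so the demo is quick
SAMPLE_PIN = "481539"      # constructed sample value, not real data


def _digest(value: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way hash of a short string."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, ITERATIONS)


def enroll_per_digit(pin: str) -> list:
    """Hypothetical scheme: one salted hash per PIN position, so the
    server can check any subset of digits at login."""
    records = []
    for digit in pin:
        salt = os.urandom(16)
        records.append((salt, _digest(digit, salt)))
    return records


def verify_partial(records: list, challenge: dict) -> bool:
    """Check only the requested positions, e.g. {0: '4', 2: '1', 5: '9'}."""
    ok = True
    for position, digit in challenge.items():
        salt, stored = records[position]
        ok &= hmac.compare_digest(stored, _digest(digit, salt))
    return ok


def digits_disclosed_by_store(records: list) -> str:
    """What a copy of the stored records gives away: each hash has only
    ten candidate inputs, so neither the salt nor the slow hash protects it."""
    recovered = []
    for salt, stored in records:
        recovered.append(next(d for d in "0123456789"
                              if hmac.compare_digest(stored, _digest(d, salt))))
    return "".join(recovered)


if __name__ == "__main__":
    store = enroll_per_digit(SAMPLE_PIN)
    print("partial login accepted:", verify_partial(store, {0: "4", 2: "1", 5: "9"}))
    print("PIN derivable from stored records:", digits_disclosed_by_store(store))
```

Storage that supports a digit-by-digit challenge therefore has to be protected as if it held the PINs themselves.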

Tesco may face a huge fine under the new and improved EU data protection law over the breach. It is estimated that Tesco Bank could be fined nearly £2bn under GDPR rules for the attack.

We know that nobody is safe when it comes to data security, and organisations cannot simply sit back and ignore it. Even giant, worldwide companies such as Tesco are becoming victims of breaches. When it comes to reviewing your security position, tomorrow may just be too late, so what are you doing to protect your data? Act now!