T: +44 (0) 1794 301052 E: info@ploughshareinnovations.com

Tesco Bank falls victim to cyber crime totalling £2.5 million

News and Views

If you have a specific media enquiry or would like to know more about Ploughshare and what we do, please contact us at:

Ploughshare Innovations Ltd.
Unit 2, Nine Mile Water Business Park
Nether Wallop, Stockbridge
Hampshire SO20 8DR
United Kingdom

T: +44 (0) 1794 301602

Connect with Ploughshare

Tesco Bank falls victim to cyber crime totalling £2.5 million

November 2016

One of the UK's major supermarket-owned banks has fallen victim to a cybercrime which saw it stripped of £2.5 million from across 9,000 customer accounts.

The raid is the latest example of a series of online crimes carried out by hackers targeting online banks by searching for any vulnerabilities in its web-facing computer systems and related users.

The chief executive of web security firm, High-Tech Bridge, Ilia Kolochenko, told The Guardian newspaper: "Because a lot of economies aren't in good shape, you'll see more and more skilled computing people being out of work, and turning to the dark side where they work for criminals.

"And at the same time you've got a lot of companies trying to optimise their costs, and preferring to save money on the cyber side. It's hard to predict how successful and how large the scale will be, but I'm pretty sure it will get worse."

The Tesco bank cyber scam comes just months after a major hacking crime that took place in Bangladesh, during which £763 million was stolen from the country's central bank. Cyber criminals hacked into the international financial transfer information system - known as the Swift online network - and told the Federal Reserve Bank of New York to set in motion 32 transactions to accounts around the world, with a total of £763 million at stake.

Luckily, just two of the transactions, totalling £80 million, were actually paid out and of that amount, £50 million has yet to be recovered. All banks across the world have been encouraged by Swift to update their software in order to protect against any future cyber crimes.

As regards the Tesco Bank raid, there have been queries raised regarding whether the bank's online security systems were too vulnerable and allowed hackers in too easily, as well as questions regarding whether or not clues were given to hackers by past or current members of Tesco Bank staff.

The chief executive of the Financial Conduct Authority, Andrew Bailey, recently informed MPs that "there are elements of this [attack] that look unprecedented", but has yet to shed any more light on the incident. The cyber attack is currently being investigated by the National Crime Agency, as well as a number of other related authorities.

Some online security experts believe that Tesco Bank missed or ignored warning signs present in its software prior to the cyber crime and vulnerabilities in its mobile applications in the time preceding the attack have been singled out as the main reason behind the hackers' ability to gain entry to the system, it has been suggested.

The Cyber Defence Capability Assessment Tool (CDCAT) provides a comprehensive tool for organisations to assess their cyber defences and identify any vulnerabilities they may have. As the frequency of attacks increase, the tool is an essential method to mitigate any threats cybercriminals pose.

Back to News and Views

Share this article