Over the weekend 40,000 Tesco Bank customers had their accounts compromised leading to 20,000 of those accounts losing money.
Tesco Bank alerted customers via text with the message to review their accounts and report any suspicious activity and if any money was stolen, they would reimburse the money within ‘24 hours’.
According to the Telegraph, the Tesco Bank fraud is seen to be “the worst banking failure to date” because of the numbers of accounts involved in the breach.
While the bank has been rather cautious in not mentioning the word ‘hacking’ in their press statements, the latest reports are that the police are investigating suspicious transactions in bank accounts based in Spain and Brazil, which would suggest a specifically targeted cyber attack on the Tesco Bank.
What price will Tesco pay?
A data breach doesn’t look great at the best of times, however when this involves customers’ money then the repercussion will be greater than normal.
Initially, the bank will receive a lot of angry phone calls which will lead to a lack of trust in the bank’s security systems and practice. Considering the nature of the breach, it will be difficult for Tesco Bank to recover from this breach. The brand reputation will be tarnished as the bank that lost customer’s money and details.
After an investigation on the incident, a hefty fine from the ICO will inevitably be given to Tesco for not protecting the personal information of its customers. However as this is the first of its kind on a British bank, it’s unsure what the repercussions will be for the 20,000 accounts that lost money.
How do I make sure my business is secure from attacks?
It’s a huge priority for your business to ensure that the information of your customers is safe and secure in your possession, therefore making sure that your network is layered with protection and that your employees are trained in basic information security.
Your IT team need to make sure that all software is up-to-date, including your antivirus and firewall and this is continuously reviewed so that any potential malware can’t enter through insecurities.
A strong password policy needs to be enforced on all members of staff so that they can’t be targeted by brute force and dictionary attacks. For tips on this, Bob’s Business’ IISP accredited Perfect Passwords module will walk users through password etiquette that will avoid passwords such as ‘qwerty’ or 123456.
Training staff how to spot a phishing email is essential to avoid any personal details being leaked or malware infecting devices and networks. Our ‘Think Before You Click’ phishing awareness simulation targets users with bespoke phishing emails.
Employees need to be ask vigilant of any opportunists that could be taking advantage of the situation by sending out fake Tesco Bank emails offering help by asking users to hand over personal details.
Tesco Bank’s failure to protect the data follows the ingrained culture of refusing to take the issue of cyber security seriously. No matter what size business, large corporation or SME, it’s of great importance that your customers’ data is safe in your presence. A strong cyber security strategy that is all inclusive within the business, so everyone knows their basic cyber hygiene will help mitigate these risks.