Release Date: 1st October 2018

To access the original FCA document, click here.

Summary

Tesco Personal Finance plc (Tesco Bank) was fined £16.4 million by the Financial Conduct Authority (FCA) for failing to exercise due skill, care, and diligence in protecting its personal current account holders during a cyber attack in November 2016. The cyber attackers exploited deficiencies in Tesco Bank’s debit card design, financial crime controls, and its Financial Crime Operations Team, resulting in the theft of £2.26 million over 48 hours.

Key Takeaways for Other Firms:

In conclusion, the FCA’s action against Tesco Bank highlights the importance of proactive and robust cyber security measures to protect customers from financial crime.

Back to the Dear CEO letter archives.