Tesco Bank has been fined £16.4 million by the Financial Conduct Authority (FCA) for failing to protect customers during a cyber attack back in 2016.
The FCA said the attack netted cyber-attackers £2.26 million after fraudsters targeted customers' accounts.
Tesco has admitted that the attack resulted in 34 fraudulent transactions, in which funds were lifted from its customers.
The FCA said that the attack could have been avoided and that Tesco’s banking business failed to respond adequately to the security breach.
Mark Steward, executive director of enforcement and market oversight at the FCA, commented on the decision:
“The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks,” he said.
“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.”
He added: “Banks must ensure that their financial crime systems and the individuals who design and operate them work to substantially reduce the risk of such attacks occurring in the first place.”
Gerry Mallon, Tesco Bank’s chief executive, said: “We are very sorry for the impact that this fraud attack had on our customers. Our priority is always the safety and security of our customers’ accounts and we fully accept the FCA’s notice.”
“We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection. I apologise to our customers for the inconvenience caused in 2016.”
Last week it had been reported that the FCA was considering imposing a larger record fine of £33.6 million.
However, amid negotiations between the financial regulator and the bank, the fine was reduced after the two sides agreed upon an early settlement.
Tesco shares (LON: TSCO) are currently trading down 0.29 percent as of 10.17 AM (GMT).