“Every little (cybersecurity) helps” – 20,000 Tesco customer bank accounts accessed in cyber attack

Tesco are the latest corporation to fall victim to a major cyber-attack.

It’s thought that 20,000 customer bank accounts were affected following an attack, leading to a full investigation with the National Crime Agency which is now well underway.

This is also thought to be the first time a bank has acted very publicly about such an attack. There have long been concerns about what organisations are keeping from us in terms of cybersecurity issues…

Sophisticated cyber-attack

Tesco Bank’s chief executive, Ben Higgins, blamed the nature of the attack, calling it “a systematic, sophisticated attack”, with the possible undertone that there was little blame on their part.

This seems to be the trend among many companies that have suffered huge attacks, like TalkTalk and Yahoo. The logical thought process would be that, if companies were more proactive about cybersecurity, there would be less risk of a cyber-attack.

But then there is always the common argument from their side that they can’t always stop them all…

Thousands of customers affected

Mr Higgins knew “exactly” what the attack was, but did not go into further detail as it is part of a current criminal investigation. It is thought that 40,000 accounts experienced “suspicious transaction activity” and that 20,000 of these accounts had money taken out of them.

These are big figures…

The chief executive said their focus was on protecting customer transactions. However, you could argue that their ‘protection’ is a little too late given that the damage has already been done…

Inadequate response?

Since the cyber-attack was revealed, Tesco have informed customers of the attack, stating that current account holders will not be able to make online transactions until they can “bring things back into control”. This will not stop customers from using their card at an ATM, making VISA transactions, or accessing their online banking account.

This has not just caused customers distress with the thought of further fraudulent activity, but it has also been a massive inconvenience for the many who cannot perform online transactions until further notice.

Financial losses

The bank has pledged that any financial loss resulting from the attack will be borne by the bank. They state that customers are not at financial risk, yet, by having even some access to the bank accounts attacked, the cyber-hackers could potentially do further damage as well.

By stating that the customers are not at any financial risk, Mr Higgins has possibly given them a false sense of security, and you could argue that it’s quite a shaky statement. It’s almost like saying “once you have given the keys to your house to a burglar, you are not in any danger once they’ve been returned.”

Is that really a fair statement?

Mr Higgins has apologised for the “worry and inconvenience” that customers have had to face, but, at the same time, is it enough for Tesco to just apologise and refund the stolen money? Tesco has arguably put their customers at risk of potential future attacks and fraud, and can you quantify such a risk?

Inadequate cybersecurity

There are clear arguments that Tesco did not do enough to protect their customers from the cyber-attack. Security expert James Maude said that Tesco suspending online transactions – taken with the fact that so many customers were affected – clearly highlights the multiple problems with the website.

Was it secure enough? Did Tesco keep up with maintenance or website updates to keep their security at a maximum?

There are a number of unanswered questions at this stage…

Data protection responsibilities

One thing is for sure – companies like Tesco have an important responsibility to protect their customers from unlawful data processing, as is clear under the Data Protection Act. The Act lays out eight principles that companies, organisations and the government must follow in relation to their customers’ data. If it is found that Tesco failed to adhere to these principles, they can be subject to strong penalties and possible fines.

It is not the first time!

It’s not the first time that Tesco has had some problems with their cybersecurity. In 2014, thousands of Tesco customers’ login details and passwords were accessed which led to a mass deactivation of accounts. You would have thought that, two years on, Tesco would have learnt their lessons. Tesco, as well as their customers, may have, unfortunately, just learned the hard way!

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'