Legal help for data breach compensation claims

The 2016 Tesco bank hack – when banks are breached

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

It’s a rare thing for a bank to suffer a data breach, but around this time last year people were left fearful after Tesco suffered a massive security breach in their banking branch.

Reportedly, around 40,000 Tesco Bank accounts were affected with money taken from some 20,000 accounts.

At least £2.5 million was stolen in what was deemed as one of the biggest, successful attacks on a bank to have ever occurred, and potentially the very first, large-scale attack where money was directly stolen from a bank.

A costly breach

Tesco immediately suspended online banking activity and contactless payments in the wake of the breach, although with the breach being online, account holders were still able to use the chip and pin services and cashpoints. Tesco sent an alert to users to inform and warn them of the attack, and they also refunded customers that had money taken from their accounts.

As is common with such breaches, shares dropped, compensation claims were filed, and authorities investigated the breach. This kind of breach can see hefty fines from our regulators here in the U.K.

‘Systematic and sophisticated’ attack

The supermarket labelled this as a ‘systematic and sophisticated’ attack. The breach came only a couple of years after the 2014 Tesco.com attack where thousands of online users had their login names and passwords shared publicly.

Over 2,000 internet shopping accounts were affected in that breach, and personal data was compromised. It was suspected that the 2014 breach was a result of the 2013 breach where hundreds of Tesco club card holders had their loyalty schemes hacked and their usernames and passwords revealed.

For the recent data breach, The National Crime Agency got involved in investigations as well as the Financial Conduct Authority, and The Information Commissioners Office (ICO).

With the power to impose penalty fines of up to £500,000, undertakings and even custodial sentences, the ICO often come down hard on organisations who fail in their legal obligations to protect peoples’ data.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Editor on November 28, 2017
Posted in the following categories: Latest and tagged with | |


A look back at the 2015 TalkTalk hack
Medical data still the most commonly breached information
%d bloggers like this: