Legal help for data breach compensation claims

Tesco data breach leads to £16.4m fine

Posted by Matthew on November 07, 2018 in the following categories: Claims Cybersecurity Hacking News Latest and tagged with | | | | |

tesco travel money data breach

The massive November 2016 Tesco data breach has led to a ground-breaking fine issued in the sum of £16.4m.

The fine has been issued by the Financial Conduct Authority (FCA). It’s understood that this is the first time that the FCA has issued a fine for an online fraud incident.

The level of the fine is thought to reflect the severity of the Tesco data breach. This was an avoidable incident that arose from Tesco’s lax security. The incident led to customers of Tesco Bank losing millions of pounds in stolen funds.

About the November 2016 Tesco data breach

The November 2016 Tesco data breach occurred when criminals exploited vulnerabilities in Tesco’s security to generate “virtual cards”. An algorithm was to used to create new debit card numbers and the criminals then used the invented credentials to make payments and transfer funds out of genuine customer accounts.

In total, it’s understood that the criminals got away with some £2.26m

What the regulators said about the Tesco data breach

The regulators were far from complementary over the Tesco data breach. They described a number of errors and said that this was a “largely avoidable incident”.

In a comment, the FCA confirmed that the criminals exploited “deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team”.

The first fine of its kind

The Tesco data breach is said to have yielded the first fine from the FCA for an online fraud incident. The unauthorised transactions that the criminals managed to make led to a wave of outrage from customers targeted in the incident.

The fine of £16.4m reflects the severity of this breach, as well as the fact that it was totally avoidable.

It also leads us to consider how the FCA will be involved in future cybercrime incidents in conjunction with bigger GDPR fines. A company like Tesco could end up facing a huge fine from both the FCA and the Information Commissioner’s Office (ICO).

This is all on top of compensation claims that victims of a data breach are entitled to make.

The results is that incidents like the 2016 Tesco data breach could prove very costly for businesses moving forward. The cost of cybersecurity simply cannot be treated as anything other than a top priority for organisations.

The collapse of a business could end up revolving around a single cybersecurity incident.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with a * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.


Plusnet data breach: another system upgrade failure
Compensation for both British Airways data breach dates
%d bloggers like this: