Tesco data breach leads to £16.4m fine

The massive November 2016 Tesco data breach has led to a ground-breaking fine issued in the sum of £16.4m.

The fine has been issued by the Financial Conduct Authority (FCA). It’s understood that this is the first time that the FCA has issued a fine for an online fraud incident.

The level of the fine is thought to reflect the severity of the Tesco data breach. This was an avoidable incident that arose from Tesco’s lax security. The incident led to customers of Tesco Bank losing millions of pounds in stolen funds.

About the November 2016 Tesco data breach

The November 2016 Tesco data breach occurred when criminals exploited vulnerabilities in Tesco’s security to generate “virtual cards”. An algorithm was used to create new debit card numbers, and the criminals then used the invented credentials to make payments and transfer funds out of genuine customer accounts.

In total, it’s understood that the criminals got away with some £2.26m.

What the regulators said about the Tesco data breach

The regulators were far from complimentary about the Tesco data breach. They described a number of errors and said that this was a “largely avoidable incident”.

In a comment, the FCA confirmed that the criminals exploited “deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team”.

The first fine of its kind

The Tesco data breach is said to have yielded the first fine from the FCA for an online fraud incident. The unauthorised transactions that the criminals managed to make led to a wave of outrage from customers targeted in the incident.

The fine of £16.4m reflects the severity of this breach, as well as the fact that it was totally avoidable.

It also leads us to consider how the FCA will be involved in future cybercrime incidents in conjunction with bigger GDPR fines. A company like Tesco could end up facing a huge fine from both the FCA and the Information Commissioner’s Office (ICO).

This is all on top of compensation claims that victims of a data breach are entitled to make.

The result is that incidents like the 2016 Tesco data breach could prove very costly for businesses moving forward. The cost of cybersecurity simply cannot be treated as anything other than a top priority for organisations.

The collapse of a business could end up revolving around a single cybersecurity incident.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'