Tesco Bank is a well-known UK bank. Created with the help of the Royal Bank of Scotland, Tesco today enjoys 7 million customer accounts. Confidence in the bank was badly shaken this week when the bank announced that thousands of accounts were the victim of a cyberhacking attack. New evidence now suggests that the incident may have been state-sponsored.
The story first broke on Monday, November 7th when the bank announced on social media that many accounts were illegally accessed.
“Over the weekend, some of our customers’ current accounts have been subject to online criminal activity. Our first priority is to protect your account so we have taken the precautionary measure of temporarily suspending online transactions from your account, this includes contactless transactions… We are very sorry for the inconvenience and will let you know as soon as we resume normal service.”
The bank told regulators on Monday that as many as 40,000 accounts had been accessed and that money had been taken from half of them. On Tuesday the bank reduced that number and said that 9,000 accounts had lost money. The bank says it has reimbursed account holders the equivalent of $3.15 USD.
Now a Member of Parliament on the House of Commons Treasury Select Committee claims the cyberhacking incident may be state-sponsored.
Britain’s newly formed National Cyber Security Centre and the National Crime Agency are investigating. Neither law enforcement agency would confirm a link to the crime being state-sponsored, but both have confirmed the cyberhacking incident was extremely sophisticated. It appears that money from customer accounts was sent to Spain and Brazil.
A story in the Guardian reveals that last year Tesco Bank’s IT director was championing bank staff using their own computers for work. Called BYOD or “bring your own device,” bankers could use their own devices for work purposes. If true, that practice exponentially increases the chance that an unsuspecting employee could have had his or her computer compromised.
Cyberhacking Opportunities for Bank Whistleblowers – FIRREA
Regardless of whether the criminals behind this latest cybersecurity breach were teenage hackers, members of an organized crime ring or state-sponsored thieves, banks have a duty to protect customers’ data and accounts. In the U.S., cybersecurity oversight is the responsibility of the Federal Reserve, the Comptroller of the Currency and the FDIC.
Current regulations require banks to have robust cyberhacking protections in place and to promptly report any cyber theft attempts. In the Tesco Bank case, it appears that the bank immediately reported the intrusion and loss of funds. That allowed authorities to quickly investigate. Unfortunately, we know of incidents where banks have covered up hacking incidents to avoid embarrassment, regulatory fines and a loss of customer confidence.
When a bank fails to follow robust cybersecurity protocols or doesn’t report hacking incidents, the bank could be liable under the Financial Institutions Reform Recovery and Enforcement Act (FIRREA).
FIRREA can pay awards of up to $1.6 million to whistleblowers who report cyberhacking violations involving banks subject to U.S. regulation.
Collecting an award involves filing a sealed declaration with the Justice Department. Violations are usually investigated by the above banking agencies, the FBI and the Financial Crimes Enforcement Network.
Are the awards real? To date our banking whistleblower clients have recovered over $100,000,000.00!
For more information, visit our cybersecurity information page or give us a call. All inquiries are protected by the attorney-client privilege and kept confidential. Contact attorney Brian Mahany at or by telephone at (414) 704-6731 (direct).
Mahany Law – America’s Cyberhacking – Cybersecurity Whistleblower Lawyers