International Banking Heist | Data Breach

Many Questions Remain After International Banking Heist

Tesco Bank, a Scotland-based bank and subsidiary of U.K. supermarket giant Tesco, recently blocked all online transactions tied to customers’ checking accounts after money was stolen from an estimated 20,000 of those accounts and the bank detected suspicious activity involving another 20,000 accounts, according to CEO Benny Higgins.

On November 9, 2016, the Bank reported that nearly $3 million dollars was stolen from affected accounts, which are operated through an app or online. Customers have reported that sums have been transferred to Spain and Brazil. The Bank said is it first saw signs of fraud on the evening of Nov. 5. Some Tesco customers, taking to the bank’s customer service website, have reported that their accounts were unexpectedly drained over the weekend. Others have reported difficulty in being able to connect with telephone-based Tesco call center staff. The Bank has stated that it will refund all accounts for every customer affected by the breach.

Scant Details

Tesco has so far avoided referring to the incident as involving either a data breach or a hack attack. But the breach almost certainly involved a system-level compromise, although it’s unclear if insiders, outsiders or both may have been involved.

While it is still unclear as to how the affected customer accounts were breached. The significant number of victims would be an extremely large number for a phishing campaign so the breach must be within the bank’s systems.

The breach could prove costly not only for Tesco but other banks. Breaches of this size and scale may take months to fully investigate, and if it is released that the breach was due a vulnerability in the bank’s online systems, it will lead to a lost trust not only in Tesco Bank but may impact people’s confidence with the online systems of other banks.

The big question is how the perpetrators were able to access so many accounts. Internet banking utilizes multi-factor authentication. Were two-factor authentication tokens compromised? If so, that could cast a shadow across the whole online banking and finance sector.

As the old adage goes “there is no such thing as a secure network.” This breach certainly highlights that fact. A financial institution with more than 7 million customers is going to spend a significant amount of resources on security, and if they can be hacked, if JPMorgan can be hacked, then there really are no such things as secure networks.

There are however well-managed networks. Is your network adequately managed? Contact us at pbmares.com to learn more about our cyber security services and how we can help your organization prepare for the growing threats of cyber risk.

ABOUT THE AUTHOR(S):

Harvey L. Johnson, CPA, CGMA, CISA
Partner, Chief Executive Officer
Harvey works with the firm’s financial institution clients, providing internal and external audit services, as well as cybersecurity and other risk assessments, to institutions ranging from $1 million to over $2 billion in assets. He also has more than 10 years of IT experience and serves as one of the firm’s IT consultants.

The content of this post is accurate as of the date below. Always ensure you are reviewing the most recent information available. Contact your tax advisor if you need clarification.

Many Questions Remain After International Banking Heist

SHARE THIS POST:

Related Posts

AI’s True Value in Banking

Progressing through Uncertainty

Whitepaper | For Boards, the Best Cybersecurity Defense Is a Good Offense