The Financial Conduct Authority has sent out a chilling warning to Equifax, British Airways and TSB that it plans to come down hard on companies which fail to protect customers’ financial details, amid reports that it is considering a record fine of over £30m for Tesco Bank over its 2016 hack attack, which was minor by comparison.
The FCA’s investigations into the recent incidents at Equifax, BA and TSB are still ongoing, but if its proposed fine following the cyber-attack on Tesco Bank is anything to go by, they could be facing eye-watering penalties.
Two years ago, Tesco Bank was forced to suspend all online transactions after it admitted accounts had “been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently”. At the time, it was reported that 40,000 customers had been affected, but this was subsequently revised down to 20,000.
Tesco Bank is understood to have eventually put the figure at fewer than 50 customers, all of whom were refunded within days, while no customer data was compromised. Equifax, meanwhile, was forced to admit that 15.2 million UK records had been exposed in its 2017 attack.
According to a report on Sky News, Tesco Bank is contesting the scale of the FCA’s proposed penalty and is in active negotiations with the watchdog about it.
A “substantially lower” sum could be agreed within the next few weeks although there was no guarantee that the issue could be resolved swiftly, Sky News reports.
One analyst suggested that based on the number of customers who were affected, the FCA’s initial proposal implied that companies would in future face fines of hundreds of millions, or even billions, of pounds if they were hit by a large-scale cyber attack.