In early November, Tesco was the victim of a cyber attack in which over £2.5 million was stolen from approximately 9,000 of its customers’ accounts. As a result, Tesco has been forced to repay the stolen money to its customers and is now working with the National Crime Agency and other authorities to try to find the culprits.
This attack has been both expensive and embarrassing for Tesco Bank, but should also act as a clear warning to every business that handles and stores sensitive data. There are clear consequences for any company that falls victim to cyber crime and it is absolutely crucial to understand what the dangers are and how to avoid them.
How cyber attacks hurt businesses
The cyber attack has obviously had a huge cost for Tesco Bank financially, not just in terms of the compensation for their customers, but also the inevitable cost of reviewing and upgrading their security. They may also face a fine under EU data protection rules. However, perhaps more serious is the damage it has caused to their reputation and customer trust in Tesco Bank.
Tesco have seen a dip in their share prices since the attack, suggesting decreased confidence in their brand. Although Tesco Bank are unlikely to release figures showing how many customers they ultimately lose as a result of the attack, it is highly likely that at least some of those affected will choose to take their business elsewhere. It is also reasonable to think that some customers not directly affected will choose to leave, having lost trust in the bank, and that potential new customers will be put off.
Why Tesco was vulnerable to cyber attack
According to information uncovered by the Financial Times, independent cyber security firms have confirmed that Tesco and Tesco Bank apps contained vulnerabilities which resulted in details of customers’ current accounts, savings accounts and credit cards being traded online on the so-called “dark web”.
However, Tesco told the Financial Times:
“No customer data were lost. None of our systems were breached. This was a highly sophisticated attack on our systems and we responded very quickly.”
The exact method the criminals used has not yet been revealed, but it appears they were able to use smartphones to make contactless payments using the compromised accounts. They supposedly then bought a high volume of low-priced goods in the US and Brazil which could then be sold on, effectively laundering the stolen funds.
It is believed that one of the reasons Tesco Bank was targeted was a strategic weakness in some of the supermarket group’s websites, which allowed unlimited login attempts from the same IP address. This makes accounts much easier to hack by relatively simple methods, such as an old-fashioned brute force attack.
How to avoid being next
There are so many potential cyber threats out there that any business handling sensitive data has to take the issue very seriously.
One of the most basic precautions any business has to take is making sure they have up-to-date security software installed across all of their PCs, laptops and other relevant devices. This software should always have the latest patches and updates installed as these regularly add increased protection against new and existing threats.
It’s also a good idea to make sure logins for staff and customers (where relevant) are as secure as possible by requiring them to have strong passwords. You should also make sure there is a limit to how many failed login attempts can occur before an account becomes locked. This makes accounts much harder to hack.
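The failed-login limit recommended above, combined with a limit per source address to close the "unlimited login attempts from the same IP address" weakness described earlier, could look like the following. This is an added example, not code from Tesco or from the original article; the names `LoginThrottle` and `attempt`, the thresholds and the 15-minute window are all assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Sliding-window failed-login limiter (hypothetical helper, in-memory)."""

    def __init__(self, max_account_failures=5, max_ip_failures=20,
                 window_seconds=900, clock=time.monotonic):
        self.max_account_failures = max_account_failures
        self.max_ip_failures = max_ip_failures
        self.window = window_seconds
        self.clock = clock          # injectable so tests can control time
        self._by_account = {}       # account -> list of failure timestamps
        self._by_ip = {}            # source IP -> list of failure timestamps

    def _recent(self, table, key):
        # Count failures still inside the window and forget the rest.
        cutoff = self.clock() - self.window
        kept = [t for t in table.get(key, []) if t > cutoff]
        if kept:
            table[key] = kept
        else:
            table.pop(key, None)
        return len(kept)

    def blocked_reason(self, account, ip):
        if self._recent(self._by_account, account) >= self.max_account_failures:
            return "account_locked"
        if self._recent(self._by_ip, ip) >= self.max_ip_failures:
            return "ip_blocked"
        return None

    def record(self, account, ip, success):
        if success:
            # Clear the account counter only: a valid login must not reset
            # the count for an address that is guessing at other accounts.
            self._by_account.pop(account, None)
            return
        now = self.clock()
        self._by_account.setdefault(account, []).append(now)
        self._by_ip.setdefault(ip, []).append(now)


def attempt(throttle, account, ip, password_ok):
    """Login flow; password_ok stands in for the real credential check."""
    reason = throttle.blocked_reason(account, ip)
    if reason:
        return reason
    throttle.record(account, ip, password_ok)
    return "ok" if password_ok else "bad_credentials"
```

The counters here live in one process's memory; a real deployment would keep them in a store shared by every login server. A hard account lock also lets anyone lock out a known username, which is why the lock in this sketch expires once the failures age out of the window.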
It’s also advisable to have a security audit by an independent IT security firm which should be able to identify any specific vulnerabilities that may not be immediately obvious to you.
Protect your business from cyber attacks
Keeping your business safe from cyber crime isn’t just about protecting your company, it’s also crucial to maintaining customer confidence. If clients are trusting you with their personal, sensitive information, they need to know that you are taking all reasonable steps to keep that data secure. City Business Solutions specialise in IT security for the legal industry, so if you want to make sure you don’t fall victim to crimes like the Tesco Bank cyber attack we have the solution.
To find out more about how we can help keep your business secure, please get in touch.