FCA fines Tesco Bank for failures in 2016 cyber attack

Tesco Bank has been fined £16.4 million after the Financial Conduct Authority (“FCA”) said that a cyber attack that stole £2.26 million from Tesco Bank customers in November 2016 was “largely avoidable”. This is the FCA’s first fine against a bank because of a cyber attack, and the Bank was found to have breached Principle 2 in failing to exercise due skill, care and diligence in protecting its personal current account holders against a foreseeable risk of fraud.

FCA Press Release