Tesco Bank attack: PAV i.t.'s experts examine the hack on finance giant

When big businesses suffer a cyber-attack it is headline news. The shockwaves from the latest security breach at Tesco Bank reverberated across every industry with a digital presence.

But for every big business that is targeted, there are hundreds of smaller companies struggling to protect themselves and suffering the consequences on a daily basis. With Tesco Bank now facing scrutiny as to the cause of the breach, SMEs must take heed and ensure the right security systems are in place, as the stakes are just as high.

What happened at Tesco?

Last month saw one of the biggest online banking hacks in UK digital history, with over 9,000 Tesco Bank customers becoming victims of an attack which involved suspicious activity across 40,000 current accounts. 

With an estimated cost of £2.5 million paid out to customers who had money fraudulently withdrawn from their accounts, Tesco Bank is now reeling from both the financial implications and the wider cost to its reputation. 

As a result of the hack over the November weekend, the bank froze online transactions in an emergency measure to curb the losses. By the following Monday evening, the bank was still trying to resume normal service but admitted it was suffering the consequences of what it described as one of the biggest "systematic and sophisticated" attacks, resulting in its share price falling and a series of very awkward questions being raised, which the bank now has to answer.

Concerns raised

With a cyber-theft of such scale comes the scrutiny of a number of key agencies and groups, such as the National Crime Agency (NCA), many of whom are now demanding to know more information which the bank has so far struggled to provide. The key concern for banking customers is the fact the root cause of the attack remains unknown, subsequently shining a light on the broader threats to all online customers.

Commenting on the latest in a succession of large-scale IT failures and security breaches, the Chair of the Treasury Select Committee commented: "Making sure that banks improve their IT systems, and their resilience to cybercrime, is also a responsibility of regulators. We will raise this issue with them again shortly. We can't carry on like this." 

The Information Commissioner's Office (ICO) added: "We're aware of this incident and are looking into the details. The law requires organisations to have appropriate measures in place to keep people's personal data secure. Where there's a suggestion that hasn't happened, the ICO can investigate, and enforce if necessary."

Examining Tesco Bank's position within the wider banking industry emphasizes the vulnerability of the company in the immediate aftermath. With just 137,000 banking customers, Tesco Bank has struggled to grab more market share and compete with the big four players, Lloyds TSB, Barclays, HSBC and Royal Bank of Scotland. 

Following this development, it remains to be seen whether the bank will be able to convince new customers to switch to its services if they lose faith in its central system and security measures. 

Warning to all

These events, and the increasing regularity with which they occur, stand as a stark warning to all companies, regardless of size, that without the correct security measures in place, the loss to your core business and the damage to reputation can directly affect your place within the market. 

Repeated warnings about cyber-security must be heeded now before more customers suffer similar incidents. All businesses can take immediate steps to strengthen their security, such as downloading software updates and implementing stronger passwords. 

Assessing your business will help identify where possible weaknesses may lie and from there more robust measures can be put in place to guard against vulnerabilities.  

As experts in cyber security we are committed to giving our customers the best possible defence against hackers and fraudsters. To find out more about how our services can help your business, get in touch here


PAV i.t. services
Reeds Lane, Sayers Common
West Sussex, BN6 9LS
General enquiries: +44 (0)1273 834 000
Support / service desk: +44 (0)1273 834 433


PAV study highlights phishing threat to SMEs
A recent study carried out by PAV i.t. Services in conjunction with one of the UK's leading insurers highlighted that 29% of staff working at Small and Medium Sized Businesses (SMBs) open phishing emails.

Legal firms prime target for cybercriminals warn experts
With 62% of law firms falling victim to cybercriminals in the last year, and only 35% with a mitigation plan in place in the event of an attack, experts are warning that practices need

Security should be top priority for mobile developers to protect consumers
With the recent surge in fake apps tricking consumers out of personal data, experts are warning that manufacturers and developers of mobile devices need to make security a top priority in the design process to mitigate the serious risks posed by hackers.

PAV i.t. hosting free cybersecurity workshop for businesses
PAV i.t. will be holding a free cybersecurity workshop for businesses at Sussex Downs College in Eastbourne on Friday 24th February from 10am to 2pm.

From computer to crash helmet: Andy going for rally car glory
Andy Hollingham, an employee from PAV i.t., will be swapping his computer for a crash helmet when he takes part in the South Downs Stages rally car racing at Goodwood on Saturday 11th February.

From fiction to fact: the cybercrime threats of the future
Cybercrime was big business for fraudsters in 2016 with cybercriminals racking up an estimated £1 billion in damages to companies across the UK.

PAV i.t.'s experts examine security breaches at Yahoo and TalkTalk
Big business are not immune to cybercrime: PAV i.t. examines high-profile hacks at Yahoo and TalkTalk

Festive season prime time for IT outages warns PAV i.t.
With the cost of IT downtime, outages and failures costing UK businesses in excess of £12 billion in lost productivity in 2015, PAV i.t. is warning companies to be prepared...

It's good to talk: PAV i.t. urges firms to share their experiences to help in the fight against cybercrime
We regularly discuss the threats to businesses from the online world, and offer our expert advice about the steps firms can take to protect themselves. But despite various awareness campaigns about the threat of cybercrime, it remains a taboo subject


@SophosPartners @AspireCharity How about the London Revolution next year ? https://t.co/Q0BIYMFn2v - would love to… https://t.co/zNY1jYKZxN

Thanks @Sophos @krishagerman our MD Jason really appreciated the lightweight cycling gear for his ride to a very wa… https://t.co/fV36KGd7oe

We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. You can find out more and set your own preferences here.