Tesco Bank Data Breach: What Went Wrong?

The recent announcement that up to 20,000 of Tesco Bank’s customers have had their money stolen during a sophisticated cyber-attack is a warning sign for the entire industry. This is probably the largest data breach that the UK’s banking sector has ever faced, which may have far-reaching consequences for the entire challenger bank sector.

Insufficient Security System, Insider Threat, and More

Since online challenger banks are not as well-established as large high street banks, they inevitably are more exposed to financial and reputational risks, such as losses of market shares or declines in customer loyalty. This security incident also confirms that hackers are not necessarily focused on large enterprises. In fact, smaller banks may actually be a more attractive target, since these organizations appear to have a low risk of exposure for thieves and rarely fight back like bigger companies.

Despite some links to fraudsters abroad, there is a reason to believe that there was probably a mole inside Tesco Bank helping the thieves. Practice shows that it is extremely hard to penetrate and remotely access a bank’s network without assistance from inside—no matter whether it is done deliberately or happened by mistake. What is even more disturbing, Tesco had automatic fraud detection systems in place, but this did not help them prevent the breach. The attack occurred during the weekend, when banks have a reduced staff, so it took more time for employees to respond to the incident than it would have taken during the week. This leads us to a very important conclusion: Cybersecurity is not an activity that is conducted during business hours only. People responsible for maintaining security need to be vigilant 24/7 in order to quickly respond to any alerts generated by anti-fraud solution and stop attackers in the early stages of the breach, instead of dealing with post-breach consequences.

However, we need to keep in mind that regardless of how much organizations invest in data protection, they still cannot guarantee that their critical assets will be 100% secure. The high street UK banks have to be as vigilant as the smaller challenger banks, since both types of financial entities operate in the same cybersecurity landscape and use online operations to deal with customer requests. Even advanced security solutions are not a silver bullet against cyber-attacks, as they still need employees’ supervision and depend on a human factor.

Cybersecurity Lessons

However, what organizations can do is use machine-learning techniques to quickly adapt a security solution to spot the most common threat patterns and fix security problems even when responsible employees not working. Needless to say, these practices need to be combined with pervasive visibility into the IT environment. Keeping a close watch on what users are doing, like who is accessing what data, will help financial entities stay on the alert for any activities that may potentially indicate security violations (e.g., abnormal user behavior or data access) and mitigate the risk of data loss.

Next Step: Breach Investigation

Finally, an important step that Tesco Bank needs to take after the National Crime Agency finishes investigating the case is sharing the attack data with other banks. Disclosing the information about data breaches will increase cybersecurity awareness within the professional community and ensure that similar incidents will not happen again.

In our previous data breach investigation we analyzed the root-cause of Yahoo data breach. 

Co-founder of Netwrix. Alex is a well-known expert in the enterprise software industry. He holds both a master's degree and a Ph.D. in information security. As an author, Alex covers Netwrix’s awards and nominations, as well as cybersecurity trends.