10/1/2018 8:38:00 AM

Source: Business Insurance

(Reuters) — Britain’s markets watchdog has fined Tesco PLC £16.4 million ($21.4 million) for failing to protect account holders at its bank from a “foreseeable” cyber attack two years ago.

The Financial Conduct Authority said that in November 2016 cyber attackers exploited deficiencies in Tesco Bank’s design of its debit card and in its financial crime controls.

“Those deficiencies left Tesco Bank’s personal current account holders vulnerable to a largely avoidable incident that occurred over 48 hours and which netted the cyber attackers £2.26 million,” the FCA said in a statement on Monday.

It was the watchdog’s first fine for cyber failings. Ensuring lenders become more resilient to cyber attacks has also become a priority for the Bank of England.

Separately, Tesco said it fully accepted the FCA’s findings and agreed to a settlement of 16.4 million pounds.