Tesco Bank Breach: Could Collaboration Have Saved Millions?

Early last month, Tesco Bank in the UK suffered a major breach. The losses incurred to date are reportedly over AUD$4 million from 9,000 affected customers. While the Bank has covered the losses incurred by its customers, there are other implications besides financial loss that a breach can have on an organisation.

It has now come to light that some of the customer’s private information, such as savings accounts and credit card details are likely being traded online. What started as an incident affecting the Bank directly, has now spread to its customers. The damage to the Bank’s reputation for failing to protect and secure their customer’s information is obvious to even the most casual of observers.

Then there are the regulatory implications of such attacks. An investigation by financial authorities in the UK is underway into the Bank allegedly failing to act on a warning from Visa, issued a year prior to the breach.

And as reported in the news, at least one information security firm in the UK had tried to contact the Bank to notify them of vulnerabilities in their online and mobile applications – the same vulnerabilities that may have led to this latest breach.

With so many third parties coming forward with stories of missed opportunities to help Tesco’s prior to this incident, one has to wonder if it may have been avoidable.

Collaborating with information security firms and even competitors in your industry to share knowledge is crucial to help mitigate attacks, particularly in the financial services sector. Each successful attack tends to be more sophisticated and devastating, further increasing the importance of collaboration to protect customers and the financial system.