The UK's banking watchdog is threatening to charge Tesco Bank £30m for its failure to prevent a cyber attacks that affected thousands of customers in 2016.
In giving evidence to a UK Tresury Select Committe hearing, the Financial Conduct Authority (FCA) chief executive Andrew Bailey called the incident an "unprecedented and serious" cyber attack.
Money was stolen from over 40,000 customer acconts and Tesco's systems were down for two days as a result, leaving customers unable to make any transactions in that time. Furthermore, Bailey censured Tesco Bank for its communication during the outages which he said was "not transparent enough". At the time, affected customers complained of being left on hold for hours at a time.
Should it be found that there were failings in Tesco's systems and controls that contributed to the seriousness of the breach, the bank could be hit with a fine substantially higher than the cost of refunding affected customers.
In 2014, the Financial Conduct Authority fined RBS a total of £56m for a computer system failure that affected 6.5m customers.
The fine facing Tesco's is unlikely to exceed that figure and should be agreed within a number of weeks according to reports.