Lloyds Bank hit by cyber-attack, as fraud costs in the UK rise by 55 per cent
Lloyds Banking Group has been subject to a three day-long cyber-attack designed to overwhelm the bank’s systems and disrupt its digital services.
Cyber criminals made millions of fake requests to the bank intermittently between 11 January and 13 January, which stopped some customers from using their online accounts.
The series of distributed denial of service (DDos) assaults came from overseas servers and affected the Lloyds, Halifax and Bank of Scotland brands.
In a game of cat and mouse, Lloyds defended its systems using a “geoblocker” that stops all traffic coming to its website from a particular country, but can also prevent customers in that region from accessing their accounts.
While some customers could not log into their digital accounts or experienced a slow online service, the attack did not result in any customer bank accounts being hacked.
A spokesman for Lloyds Banking Group said: “We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused.
“We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases if customers attempted another log-in they were able to access their accounts.
“We will not speculate on the cause of these intermittent issues.”
Lloyds faced a flurry of complaints from customers on social media during the attack, but did not reveal the problems it was facing at the time.
The cyber-attack is the latest to hit Britain’s banking industry since Tesco Bank had to freeze online transactions for customers after falling foul of a hack in November.
Tesco Bank paid out an estimated £2.5m to 9,000 customers following the breach, with the Financial Conduct Authority chief executive Andrew Bailey describing it as “unprecedented”.
The National Cyber Security Centre (NCSC) - part of Government Communication Headquarters (GCHQ) - is understood to be working with Lloyds on the attack.
KPMG’s latest Fraud Barometer showed that the cost of fraud in Britain has risen above £1bn for the first time in five years, largely driven by a huge surge in cyber-crime.
The total value soared 55 per cent to £1.14bn last year, despite the number of cases dropping by nearly a third from 310 to 220.
KPMG - which measured cases in UK courts with losses of £100,000 or more - said this was due to a rise in “super cases” worth more than £50m, while the value of the average fraud case doubled to £5.2m from £2.4m.
The barometer also highlighted a 1,266 per cent jump in cyber fraud, which reached £124m in 2016.
It included a case where cold callers pretending to be members of bank fraud departments persuaded some 750 victims to reveal security details.
Gang members were making between £1m and £2m a week during the scam’s peak, taking a total £113m from victims between January 2013 and October 2015.
They targeted Lloyds and RBS business banking customers and, while police said no insiders from within the RBS banking group were discovered, three Lloyds collaborators were convicted.
It was described by police as one of the biggest cyber fraud scams ever investigated in the UK.
KPMG UK forensic partner Hitesh Patel said: “Both public and private organisations openly acknowledge that cyber-attacks are one of the most prevalent and high-impact risks they face and yet many operate on the basis ‘it won’t happen to me’.”
It was recently found that elderly people are most at risk of cyber fraud, with more than a million older people duped by email scammers in the UK.