Lloyds bank accounts targeted in huge cybercrime attack

Banking group says none of its 20m accounts were hacked or compromised after fending off two-day denial of service attack

Lloyds Banking Group suffered a 48-hour online attack this month as cybercriminals attempted to block access to 20m UK accounts.

The denial of service attack ran for two days from Wednesday 11 January to Friday 13 January, as Lloyds, Halifax and Bank of Scotland were bombarded with millions of fake requests, designed to grind the group’s systems to a halt. Usually in a denial of service (DOS) attack the criminals demand a large ransom, to be paid in bitcoins, to end the onslaught.

However, no accounts were hacked or compromised during the attack, and Lloyds did not pay a ransom.

In a cat-and-mouse game across the planet, IT security experts at Lloyds “geo-blocked” the source of the attack. This effectively drops a portcullis over the server launching the attacks, but it also stops legitimate customer requests from that area. The cybercriminals then move to another server, and the geo-blocking game begins again.

It explains the intermittent nature of the service issues at Lloyds during the period of the attack, with some customers complaining that they could not log on, but most experiencing normal service.

Lloyds declined to comment on the specific nature of the attack. In a statement, it said: “We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused.

“We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases if customers attempted another log-in they were able to access their accounts.

“We will not speculate on the cause of these intermittent issues.”

Andrew Tyrie, chair of the House of Commons Treasury select committee, called for the financial services industry to create a single point of responsibility to tackle cyber risks. In a statement issued on Monday, he said: “As millions of customers are exposed to the risks of cybercrime, a higher level of scrutiny and accountability for existing arrangements is needed.”

The incident comes just months after a far more serious cyber-heist against Tesco Bank, when criminals launched an “unprecedented” online attack that resulted in the loss of £2.5m from 9,000 accounts.

Several other major British banks have been hit by service outages over the past two years when their systems were flooded with fake requests.

In January last year, HSBC’s internet banking facility was made unavailable following a DOS attack, but no transactions were affected.

In 2015, Royal Bank of Scotland revealed it suffered a cyber-attack on its online services that left customers struggling to log on for nearly an hour – just as monthly pay cheques were arriving in accounts.

The threat to Britain’s financial infrastructure from persistent cyber-attacks was partly behind the pledge by the chancellor, Philip Hammond, in November to spend an extra £1.9bn protecting UK online defences.

Outdated computer systems are allowing malicious hackers to target everyone from companies at board level to individuals in their living rooms, according to the chancellor.

The money will help boost the National Cyber Security Centre, the new division of the surveillance agency GCHQ created last month.

Andrew Tyrie, MP, chair of the Treasury select committee, said that responsibility for reducing cyber threats is shared too widely among a number of bodies, including the Prudential Regulatory Authority, the Financial Conduct Authority and GCHQ, and needs to be simplified.

“The attack on Lloyds was deeply troubling. Thousands of customers were affected by this, the latest in a long list of failures and breaches of banking IT systems,” he said.

“As I have already pointed out, it is time to consider whether a single point of responsibility for cyber risk in the financial services sector is now required.”


Patrick Collinson

The GuardianTramp
