| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- The incident at Tesco Bank where cyber thieves robbed 20,000 customers and siphoned off money from their accounts is a similar incident that has happened before within the same organization [Article 49951].
- The CEO of Tesco Bank, Benny Higgins, apologized for the cyber attack where 40,000 accounts were hacked and 20,000 were plundered for cash over the weekend [Article 49951].
(b) The software failure incident having happened again at multiple_organization:
- The article mentions various incidents of cyber attacks on banks globally, such as the $81m stolen from Bangladesh's central bank and the theft of £20m from several accounts in the UK, enabled by malware [Article 49556].
- It is highlighted that online security experts warn that online banking is becoming an increasingly popular target for cyber-criminals, indicating that similar incidents have occurred at multiple organizations [Article 49951]. |
| Phase (Design/Operation) |
design, operation |
(a) In the Tesco Bank software failure incident, the design phase played a significant role in the failure. The incident involved online criminal activity that resulted in money being fraudulently withdrawn from customer accounts. There were suspicions that Tesco Bank's security model was more vulnerable to compromise than it should have been, as users could set up transfers to other bank accounts without requiring SMS confirmation. Experts suggested that hackers may have found weaknesses in the back-office systems, possibly due to current or former employees. The incident highlighted the importance of robust system design and security measures to prevent such attacks [49556].
(b) The operation phase also contributed to the software failure incident at Tesco Bank. After the cyber attack, customers faced challenges in contacting the bank to address the fraudulent withdrawals from their accounts. Many customers reported difficulties in reaching the bank's customer service, waiting for hours without getting through. The delayed response and lack of communication from the bank added to the frustration and anxiety experienced by affected customers. This operational aspect of handling the aftermath of the attack highlighted the importance of efficient and effective operational procedures during crisis situations [49951]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident at Tesco Bank can be attributed to factors both within and outside the system.
1. Within the system:
- Tesco Bank's security model was potentially vulnerable, allowing users to set up transfers without requiring SMS confirmation, which could have facilitated the fraudulent transfers [49556].
- The incident involved online criminal activity targeting customer current accounts, resulting in money being fraudulently withdrawn [49951].
- The bank had to freeze online transactions for current accounts as a precautionary measure to protect customer accounts [49951].
2. Outside the system:
- The attack on Tesco Bank was part of a rising tide of onslaughts against online banking, exploiting weak spots in web-facing computer systems and their users [49556].
- The incident was part of a broader trend of cyber-attacks on banks globally, indicating a larger issue in the banking industry [49951].
- Cyber-criminals may have orchestrated the attack through methods like phishing scams or targeting third-party companies processing money for the bank [49951]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The software failure incident at Tesco Bank involved online criminal activity where money was withdrawn fraudulently from customer current accounts [49556].
- The attack resulted in money being siphoned off from accounts without the need for SMS confirmation for transfers to other bank accounts [49556].
- The incident involved suspicious activity on a significant number of current accounts, leading to £2.5m being siphoned out of about 9,000 accounts [49556].
- The attack on Tesco Bank was part of a rising tide of onslaughts against online banking seeking to exploit weak spots in web-facing computer systems [49556].
- The incident highlighted vulnerabilities in the back-office systems of Tesco Bank, possibly due to a weakness that was exploited by hackers [49556].
(b) The software failure incident occurring due to human actions:
- The Tesco Bank CEO, Benny Higgins, acknowledged that a gang of cyber thieves robbed 20,000 customers, with some losing up to £2,000, indicating human involvement in the cyber attack [49951].
- Customers criticized Tesco Bank's response to the cyber attack, questioning the bank's supposedly robust security systems and accusing the company of treating them with contempt [49951].
- The Tesco Bank CEO, Benny Higgins, faced criticism for his extravagant expense claims, including spending over £18,000 on taxis for personal trips, while the company was cutting costs and jobs [49951].
- The leaked receipts of Benny Higgins' expenses revealed lavish spending on trips to the opera, restaurants, five-star hotels, and private members' clubs, raising questions about his priorities and financial decisions [49951]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- There is no specific mention of the software failure incident occurring due to contributing factors originating in hardware in the provided articles.
(b) The software failure incident occurring due to software:
- The software failure incident reported in the articles is primarily due to software-related factors. The incident involved cyber thieves robbing thousands of Tesco Bank customers by siphoning money out of their accounts through online criminal activity [49556].
- The incident led to customers discovering unauthorized payments made to mysterious companies, including accounts in Brazil, resulting in significant financial losses for the affected customers [49951].
- Tesco Bank had to block customer bank cards due to suspicious activity detected in its fraud prevention system, indicating a software-related security breach [49951].
- The incident involved a cyber attack where hackers gained access to some current accounts, resulting in money being withdrawn fraudulently, leading to chaos and financial losses for customers [49951].
- The incident highlighted concerns about internet security and the vulnerability of online banking systems to cyber-criminals, indicating software-related weaknesses in the banking system [49951]. |
| Objective (Malicious/Non-malicious) |
malicious |
From the provided articles, the software failure incident at Tesco Bank can be categorized as a malicious software failure incident. The incident involved cyber thieves conducting a cyber attack on Tesco Bank's online banking system, resulting in the theft of money from thousands of customer accounts [49556, 49951]. The attack was described as a significant breach, with 40,000 accounts being hacked and 20,000 accounts having money stolen [49951]. The cyber thieves were able to withdraw money fraudulently from customer accounts, leading to chaos and financial losses for the affected customers [49951].
The incident was characterized by suspicious activity detected in the bank's fraud prevention system, leading to the blocking of customer cards and freezing of online transactions as a precautionary measure [49951]. The attack caused customers to lose access to their funds and experience delays and difficulties in reaching the bank for assistance [49951]. The National Crime Agency was involved in investigating the thefts, highlighting the severity and criminal nature of the incident [49951].
Overall, the incident at Tesco Bank aligns with a malicious software failure scenario, where the software system was compromised by cyber thieves with the intent to harm the bank and its customers. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident at Tesco Bank was related to poor decisions in their security model, which made the bank more vulnerable to compromise. For example, once logged into a current account, a user could set up a transfer to another bank without requiring an SMS confirmation, potentially facilitating unauthorized transfers [49556].
- The incident also highlighted concerns about banks optimizing costs on the cyber side, potentially compromising security measures. Experts warned that the rise in cyber attacks against online banking was due to skilled computing individuals turning to criminal activities, while companies were trying to save money on cybersecurity, leading to a prediction of worsening cyber threats [49556].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident at Tesco Bank was not explicitly linked to accidental decisions. Instead, it was primarily attributed to vulnerabilities in the security model and potential weaknesses in the back-office systems that may have been exploited by hackers [49556]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development_incompetence:
- The Tesco Bank cyber attack incident where £2.5m was stolen from about 9,000 accounts was attributed to potential weaknesses in the bank's security model, allowing hackers to compromise the accounts. There were concerns raised about the vulnerability of the security model, particularly the ability for a user to set up a transfer to another bank without requiring SMS confirmation, indicating potential flaws in the system's design [49556].
- The incident also highlighted the need for banks to continuously update their software to prevent such attacks. For example, after the Bangladesh attack in which hackers broke into the Swift network, banks were warned to update their software to enhance security measures [49556].
(b) The software failure incident occurring due to accidental factors:
- The Tesco Bank incident where cyber thieves robbed 20,000 customers and stole up to £2,000 from some accounts was described as a cyber attack that may have been orchestrated through various methods such as phishing scams or targeting third-party companies processing money. The attack was seen as an ongoing problem in the world of online banking, with experts pointing out the vulnerabilities in the internet banking supply chain that could be exploited by cyber-criminals [49951].
- The incident led to chaos as customers discovered money had been stolen from their accounts through unauthorised payments made to mysterious companies, including accounts in Brazil. The response from Tesco Bank was criticized for leaving customers without access to their money and offering inadequate compensation, leading to further frustration among the affected customers [49951]. |
| Duration |
temporary |
The software failure incident reported in the news articles is temporary. The incident involved cyber thieves robbing thousands of Tesco Bank customers over a weekend by withdrawing money fraudulently from their accounts [49951]. The bank took immediate action by freezing online transactions for current accounts as a precautionary measure [49951]. Additionally, the bank promised affected customers a full refund within 24 hours and stated that new cards would be issued within seven to ten days [49951]. The incident was described as a cyber attack, and the National Crime Agency was investigating the thefts [49951].
Furthermore, the incident was part of a rising tide of hacking incidents targeting banks and involving online criminal activity [49556]. The attack on Tesco Bank was one of many instances of cyber attacks on financial institutions, indicating a broader trend of temporary software failures due to cybercriminal activities [49556]. |
| Behaviour |
crash, omission, timing, value, other |
(a) crash: The software failure incident reported in the articles can be categorized as a crash. This is evident from the fact that Tesco Bank's online banking system experienced a significant cyber attack where criminals managed to siphon off £2.5m from about 9,000 accounts over a weekend. The system crashed in the sense that it lost control and allowed unauthorized transactions to occur, leading to a loss of funds for customers [49556, 49951].
(b) omission: The software failure incident can also be categorized as an omission. This is because the system omitted to perform its intended functions of protecting customer accounts and preventing fraudulent transactions. Customers reported that money was being withdrawn without their permission, indicating a failure of the system to carry out its security measures effectively [49951].
(c) timing: The timing of the software failure incident can be considered as a factor in the overall failure. The attack occurred over a weekend, and customers were alerted about the unusual activity on their accounts. However, the response and actions taken by Tesco Bank, such as freezing online transactions and refunding affected customers, were not immediate, leading to delays in addressing the issue promptly [49556, 49951].
(d) value: The software failure incident can also be attributed to a failure in value. This is evident from the fact that customers had money fraudulently withdrawn from their accounts, indicating that the system failed to maintain the value of the accounts by allowing unauthorized transactions to take place [49556, 49951].
(e) byzantine: The software failure incident does not align with a byzantine failure scenario. There is no indication in the articles that the system exhibited inconsistent responses or interactions during the cyber attack on Tesco Bank's online banking platform.
(f) other: The software failure incident can be further described as a failure in security measures. The system failed to adequately protect customer accounts from cybercriminals who managed to exploit vulnerabilities in the online banking platform, leading to the unauthorized transfer of funds and compromising the security of customer accounts [49556, 49951]. |