Online criminals attacking HSBC ‘all the time', says head of UK arm
The boss of HSBC's UK arm has said the bank is 'being attacked all the time' by online criminals, with cybersecurity now its biggest expense, costing the lender hundreds of millions of pounds.
Ian Stuart sought to reassure MPs that cybersecurity was 'very much at the top of our agenda', amid growing concerns that other large businesses could fall victim to the kind of attacks that have caused chaos at retailers such as Marks & Spencer and the Co-op.
M&S has been struggling for almost a month since its IT systems were targeted over the Easter weekend, with the attack hitting its online operations and leaving some store shelves empty.
'It does worry me … We are being attacked all the time, so the defence mechanisms that you put in are absolutely critical,' Stuart told the House of Commons Treasury committee on Tuesday. That involved 'investing hundreds of millions of pounds', he said. 'This is our biggest expense in business.'
'The amount of money [that] banks, all of us, will be spending on our systems is enormous today – and it has to be. It has to be because our customers rely on digital technology all the time,' Stuart said.
The need to keep a bank's systems operating seamlessly – 24 hours a day, seven days a week – has increased since bosses started accelerating the pace of branch closures and pushing more customers into using digital apps and online banking.
Stuart said that, at a group level, HSBC alone processed 1,000 payments a second. Meanwhile, the bank was making about 8,000 changes to its IT systems every week. He said no bank would be able to guarantee that its services could stay online all the time. 'So the skill is, how quickly can you recover?'
Banks' IT systems have come under increased scrutiny in recent months, with customers at Britain's largest banks and building societies having suffered the equivalent of more than one month's worth of IT failures between January 2023 and February 2025.
Those figures did not include the full impact of an outage at Barclays that started at the end of January and affected 56% of online payments during the crucial payday period for many employees. There have been further disruptions at Barclays since then.
Sign up to Business Today
Get set for the working day – we'll point you to all the business news and analysis you need every morning
after newsletter promotion
Speaking to MPs on Tuesday, the chief executive of Barclays' UK operations, Vim Maru, said the problems had been caused by software made by an external company.
'A software issue was the root cause, and we worked with a third-party provider that provides us with that software. We've learned the lessons around that. We've put a fix in place that means that we won't have a recurrence. And then looking forward, there's a further enhancement that we're making, which is in the middle of implementation,' Maru said.
The Barclays boss again apologised to affected customers. 'We're deeply sorry for the disruption that our technical issue on the 31st of January caused for our customers. We've clearly worked very hard to recover from that and make sure that we put the right steps in place,' he said.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scottish Sun
38 minutes ago
- Scottish Sun
Terrifying message sent by ‘Chinese hackers' to M&S boss after crippling cyber attack on British retailer is revealed
The blackmail message is believed to have included a racist term RANSOM DEMAND Terrifying message sent by 'Chinese hackers' to M&S boss after crippling cyber attack on British retailer is revealed Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) 'CHINESE hackers' allegedly sent a terrifying message to the boss of Marks & Spencer following a crippling cyber-attack on the British retailer. Fraudsters, believed to be from the hacking group DragonForce, are said to have emailed the company's chief executive Stuart Machin and seven other key executives. Sign up for Scottish Sun newsletter Sign up 2 High street retailer Marks & Spencer was hit by a cyber attack over the Easter holiday Credit: Alamy 2 M&S boss Stuart Machin, pictured, along with seven other company executives were emailed by the hackers, believed to be DragonForce Credit: PA The message, written in broken English, was sent on April 23, indicated that M&S was hacked by the ransomware group, although the retailer has not acknowledged this. 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers,' the hackers wrote, according to the BBC. 'The dragon wants to speak to you so please head over to [our darknet website].' The link to the darknet shared in the email led to a portal for victims of DragonForce to negotiate a ransom fee. The hackers added: 'Let's get the party started. Message us, we will make this fast and easy for us.' DragonForce's attack during the Easter holiday has been hugely damaging for one of Britain's best-known retailer and is thought to have cost the firm an estimated £300million. After six weeks on from the attack, the retailer is still unable to process online orders. The email was sent to Mr Machin along with seven other top executives, according to the corporation. A racist term is also said to have been included in the blackmail message and also ended with an image of a fire-breathing dragon. Along with installing ransomware in order to cripple M&S's IT system the hackers are also believed to have stolen private data from millions of customers. The £3.50 M&S buy that'll make your whole house smell like a 'boujee candle' Three weeks on from the attack, M&S informed customers that contact details and dates of birth from some shoppers had been obtained by a suspected cyber cartel. M&S also admitted other personal details, including customers' order histories, had also been pilfered by online criminals. Bosses though have stressed that no data relating to shoppers' payment, card details or account passwords had been obtained. It is unclear how many customers have been affected by the data breach. According to the company's full-year results, it had 9.4million active online customers in the year up to March 30. The email apparently sent by DragonForce is thought to have bene sent using the account of an employee from IT company Tata Consultancy Services (TCS), which has provided IT services to the retailer for more than a decade. The Indian IT worker, who is based in London, had an M&S email address but is paid employee of TCS. Timeline of the attack Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management". Disruptions continue. M&S takes further systems offline as part of "proactive management". Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores. Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores. Tuesday, May 13: M&S revealed that some customer information has been stolen. M&S revealed that some customer information has been stolen. Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July. The retailer said disruption from the attack is expected to continue through to July. It's thought the worker was among the victims hacked. The company had previously said it is investigating if it was a gateway for the cyber attack. It has since informed the BBC the email was not sent from its system and had nothing to do with the security breach. M&S has declined to comment on the latest revelations. A spokesperson for the company told The Sun Online: 'We cannot comment on details of or speculation on the cyber incident, and we have been advised not to.'
The Sun
38 minutes ago
- The Sun
Terrifying message sent by ‘Chinese hackers' to M&S boss after crippling cyber attack on British retailer is revealed
'CHINESE hackers' allegedly sent a terrifying message to the boss of Marks & Spencer following a crippling cyber-attack on the British retailer. Fraudsters, believed to be from the hacking group DragonForce, are said to have emailed the company's chief executive Stuart Machin and seven other key executives. 2 2 The message, written in broken English, was sent on April 23, indicated that M&S was hacked by the ransomware group, although the retailer has not acknowledged this. 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers,' the hackers wrote, according to the BBC. 'The dragon wants to speak to you so please head over to [our darknet website].' The link to the darknet shared in the email led to a portal for victims of DragonForce to negotiate a ransom fee. The hackers added: 'Let's get the party started. Message us, we will make this fast and easy for us.' DragonForce's attack during the Easter holiday has been hugely damaging for one of Britain's best-known retailer and is thought to have cost the firm an estimated £300million. After six weeks on from the attack, the retailer is still unable to process online orders. The email was sent to Mr Machin along with seven other top executives, according to the corporation. A racist term is also said to have been included in the blackmail message and also ended with an image of a fire-breathing dragon. Along with installing ransomware in order to cripple M&S's IT system the hackers are also believed to have stolen private data from millions of customers. Three weeks on from the attack, M&S informed customers that contact details and dates of birth from some shoppers had been obtained by a suspected cyber cartel. M&S also admitted other personal details, including customers' order histories, had also been pilfered by online criminals. Bosses though have stressed that no data relating to shoppers' payment, card details or account passwords had been obtained. It is unclear how many customers have been affected by the data breach. According to the company's full-year results, it had 9.4million active online customers in the year up to March 30. The email apparently sent by DragonForce is thought to have bene sent using the account of an employee from IT company Tata Consultancy Services (TCS), which has provided IT services to the retailer for more than a decade. The Indian IT worker, who is based in London, had an M&S email address but is paid employee of TCS. Timeline of the attack Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management". Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores. Tuesday, May 13: M&S revealed that some customer information has been stolen. Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July. It's thought the worker was among the victims hacked. The company had previously said it is investigating if it was a gateway for the cyber attack. It has since informed the BBC the email was not sent from its system and had nothing to do with the security breach. M&S has declined to comment on the latest revelations.
The Guardian
42 minutes ago
- The Guardian
Bargain Hunt expert jailed for offences under Terrorism Act
A BBC Bargain Hunt art expert who failed to report a series of high-value art sales to a man suspected of financing the militant group Hezbollah has been jailed for two and a half years. Oghenochuko Ojiri, 53, sold artworks worth a total of about £140,000 to Nazem Ahmad, a man designated by US authorities as a suspected financier for the Lebanese organisation, a court hearing was told last month. Ojiri, of Brent, north London, previously pleaded guilty to eight offences under section 21a of the Terrorism Act 2000. He is believed to be the first person to be charged with the specific offence. The art dealer, who has also appeared on the BBC's Antiques Road Trip, was charged with failing to disclose information about transactions in the regulated art market sector on or before dates between October 2020 and December 2021. US prosecutors say Ahmad was a 'major Hezbollah financial donor' who used high-value art and diamonds to launder money and fund the group. Ahmad is accused of evading terrorism sanctions by using front companies to acquire more than $160m (£120m) in artwork and diamond services. After the introduction of new money-laundering regulations in January 2020 that brought the art market under HMRC supervision, Ojiri is said to have discussed the changes with a colleague, indicating awareness of the rules. The court previously heard the total value of the artworks sold was about £140,000. Mrs Justice Cheema-Grubb sentenced Ojiri to two years and six months in prison at the Old Bailey on Friday, with a further year to be spent on licence.
