According to reports, an international hacking group launched a targeted distributed denial of service attack on Lloyds Banking Group two weeks ago, the Financial Times reported.
The attack lasted two days and affected Lloyds customers, although none suffered any financial loss from the attack. TSB, which split from Lloyds in 2013 also was affected by the attack.
>See also: The difference between ‘cosmetic’ and ‘smart’ banking explained
Sean Newman, director at Corero Network Security, commented on the news stating that “Recent service interruptions reportedly experienced by LloydsBank customers are just another example of the challenges faced by today’s online businesses. Consumer expectations of 24×7 service availability have created a genuine risk of lost revenue and lasting reputational damage, as a result of a DDoS attack which means the stakes are just too high to ignore”.
In response to a request for more information, a Lloyds spokesperson provided this statement via email to IBTimes UK: “We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused.”
“We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. In most cases if customers attempted another log-in they were able to access their accounts. We will not speculate on the cause of these intermittent issues.”
As opposed to the Tesco Bank hack, there is no suggestion any Lloyds company data or customer details have been affected.
>See also: Cyber security: Tesco Bank accounts have been compromised
A Lloyds spokesperson also confirmed that the banking group’s branch network was not targeted or affected by the attack.
Not the first, or the last
Tesco Bank suffered what people are calling a cyber heist late last year, where hackers stole £2.5 million from 9,000 Tesco Bank customers.
“Protecting against modern DDoS attacks, requires an always-on solution, which can react to attacks in true real-time, surgically removing the attack traffic, and ensuring legitimate traffic can proceed uninterrupted – only then, can services stay online, all the time,” concluded Newman.