Friday’s attack marks the fifth time in the past three years that NatWest’s online banking service has been hit by problems
NatWest has disclosed that issues with its online banking service that began on Friday were the result of a deliberate cyber-attack, but emphasised that customer data was not compromised.
The bank said a distributed denial of service (DDoS) attack made its online banking service difficult or impossible for customers to access for about 50 minutes on Friday morning.
The problems also affected customers of NatWest’s Royal Bank of Scotland (RBS) and Ulster Bank brands. The group has some 6.5 million customers.
The bank said it did not know who had carried out the attack or what their motives might have been. This is the second time in recent memory that RBS has been subjected to a DDoS, after a December 2013 attack that extended intermittently from a Thursday night to a Friday lunchtime.
The latest incident follows on the heels of an unrelated June issue that delayed the payment of up to 600,000 wages, benefits and direct debit transfers, and, like that problem, comes just at the moment that salaries are being paid.
Users vented their frustrations on Twitter, with one user writing, “I hope there’s no issues with payments again.”
“Can’t log in to #natwest yet again to check up on some transactions… and they want me to opt out of paper statements?! No chance,” wrote another.
NatWest initially responded to customers’ angry comments via Twitter with the statement: “We are aware of an issue with our online banking service, our tech team is looking into this as a matter of urgency.”
The bank said the problem had been resolved after lunchtime, and later disclosed that a cyber-attack had taken place.
Banks are increasingly being targeted by cyber-criminals who see them as a lucrative target for scams that aim to gain access to users’ accounts. Denial of service attacks aimed at banks are also increasingly common, with the FBI reporting more than 100 US banks and brokerages targeted by DoS incidents since April of this year.
In some cases the attacks are part of extortion schemes, according to security experts.
Are you a security pro? Try our quiz!