LONDON (Reuters) - Lloyds Banking Group is working with law enforcement agencies to trace who may be behind a cyber attack that caused intermittent outages for customers of its personal banking websites almost two weeks ago, according to a source familiar with the incident.
Britain’s largest mortgage lender was hit by a distributed denial of service (DDoS) attack on Jan. 11, which carried on for two days, according to the source.
The disruption, which involved bombarding the websites with huge volumes of traffic from multiple systems so they overload a server, left some customers temporarily unable to use services such as checking their balance or sending payments.
DDoS attacks have become common tools for cyber criminals trying to cripple businesses and organizations with significant online activities.
Such campaigns may be part of attempts to extract ransom from these organizations or part of efforts to distract security teams in order to find other ways to break into an organization’s network in order to grab customer data or steal money from accounts.
Lloyds said it would not speculate on the cause of the attack. No customers suffered any losses.
“Only a small number of customers experienced problems,” the bank said in a statement. “In most cases if customers attempted another log in they were able to access their accounts.”
Other banks have been hit by service outages in the past two years after their systems were breached by cyber attacks.
Tesco Bank, owned by Britain’s biggest retailer Tesco, halted online transactions from all current accounts in November after money was stolen from 20,000 of them in the country’s first such cyber heist.
British lawmakers have criticized both banks and regulators for doing too little to improve cyber security after a string of technical failures and breaches of banking systems.
Reporting by Andrew MacAskill, editing by Anjuli Davies and Louise Heavens