Menu
Browse

Cyber Incident Victim: NatWest

Date:

Jul 2015

Location:

United Kingdom

Summary

A banking group experienced a Distributed Denial of Service attack disrupting online services for nearly an hour, preventing customers from accessing accounts during a peak period when monthly salaries were being processed. The incident, which did not compromise account security, marked the fifth online banking outage in three years for the institution, following a similar cyber attack and recent technical issues that previously delayed payments and stranded customers without access to funds.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 6 motives 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On July 31, 2015, RBS Banking Group experienced a cyber attack disrupting online services for customers of NatWest, RBS, and Ulster Bank brands during a critical payday period. The incident began in the morning as customers attempted to access accounts to verify salary deposits, with widespread login difficulties reported across digital platforms. RBS confirmed the disruption stemmed from a Distributed Denial of Service (DDoS) attack lasting approximately 50 minutes, where attackers flooded bank systems with excessive traffic from multiple compromised computers. This deliberate overload caused service degradation but did not breach account security or expose customer data. The timing exacerbated frustrations, as the outage coincided with monthly payroll processing when transaction volumes typically peak. Initial customer complaints surfaced on social media platforms like Twitter, with users accusing the bank of recurring technical failures. NatWest's customer service team acknowledged the problem via Twitter around midday, stating technical staff were urgently investigating. Full service restoration occurred after lunchtime, though some customers reported access issues persisting beyond the official resolution timeframe.

Cyber Incident Image

This marked RBS Group's second confirmed DDoS incident following a similar December 2013 attack that disrupted services over parts of a Thursday night and Friday lunchtime. The 2015 attack represented the fifth online banking failure for RBS/NatWest within three years and the second major outage in six weeks. A June 2015 IT failure had previously affected 600,000 transactions, leaving wages, benefits, and direct debits unprocessed over a weekend. While RBS assured customers that attack mitigation measures prevented financial losses or data compromise, the bank did not identify perpetrators or motives. Post-resolution communications emphasized normal service restoration without detailing technical countermeasures. Historical patterns indicated systemic vulnerabilities, with recurring incidents eroding customer trust despite assurances of transactional safety during each disruption.

Sources
Sources available to members
1 source