A bank fell victim to a ransomware strike over the weekend, stealing sensitive data from tens of thousands of customers and crippling internal systems. Backup servers were also disabled, leaving the institution unable to recover records. The attackers exploited a third‑party flaw, mirroring the Marks & Spencer breach, and then encrypted the bank’s core network.

The breach set off a dual‑extortion scheme: hackers hold stolen customer information and demand £1 billion in cryptocurrency, while threatening to release the data if the bank refuses to pay. Toby Lewis of Darktrace labels it a “triple extortion attack” because individual customers may face direct ransom demands as well.

Meanwhile, Anthropic’s new AI model, Claude Mythos, uncovered thousands of high‑severity flaws in banking software, alarming regulators. Andrew Bailey of the Bank of England called Mythos a “very serious challenge,” and JPMorgan CEO Jamie Dimon warned that the vulnerabilities “need to be fixed.” The threat is that attackers could exploit zero‑day bugs before banks patch them.

Regulators mandate banks to conduct CBEST penetration tests and maintain operational resilience plans that cover third‑party failures. The Financial Services Compensation Scheme protects consumer deposits up to £120 000, while FCA guidance requires swift resolution of breaches. These safeguards aim to reassure investors that, despite sophisticated attacks, the banking sector remains resilient for the long term.