This is SO exhausting.
Quoting from https://www.theregister.co.uk/2019/04/24/gchq_licence_operate_cyberspace_public_trust/
In a wide-ranging speech, Fleming declared GCHQ "...will share intelligence with banks to enable them to alert customers to threats in close to real time."
Quoting from https://hackerone.com/reports/544027
"... I don't believe that the eonenergy.com or tescobank.com domains are covered by this program, as it is intended for UK government websites and systems only."
Quoting from https://hackerone.com/reports/500702
Mar 4th (2 months ago) ncsc-coordinated-disclosure changed the status to Triaged.
Apr 25th (4 days ago) ... The SPF record for the domain name has been deleted. The name itself has not.