Thousands of Tesco Bank accounts raided by hackers
Image credit: Reuters
Tesco Bank has stopped online transactions on current accounts after a cyber-attack at the weekend resulted in money being stolen from 20,000 accounts.
The bank has neither provided any details about how the hack was carried out nor disclosed how much money has been stolen. However, the bank’s chief executive Benny Higgins gave assurances that the bank will compensate its clients for all losses including fees incurred in case of missing mortgage and other payments or slipping into overdraft as a result of money having been siphoned out.
“As a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts,” Higgins said in a statement. “While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip-and-pin payments, and all existing bill payments and direct debits will continue as normal.”
The bank said it first detected suspicious activity on Saturday 5 November. The total number of affected current accounts has reached 40,000 but only a half of the customers saw their money removed. Other types of accounts have not been affected.
“Any financial loss that results from this fraudulent activity will be borne by the bank,” Higgins pledged to BBC radio.
“It’s 20,000 customers; we think it would it be relatively small amounts that have come out but we’re still working on that.”
The bank, owned by supermarket chain Tesco, has 7.8 million customer accounts in total, including 136,000 current accounts.
Some of the clients who had received a text message from the bank about the suspicious activity on their accounts complained about the inability to reach Tesco Bank’s helpline.
“Now on my second attempt at contact by phone, 10 minutes was unacceptable but this time 54 minutes and counting is a serious failure and almost unbelievable,” one enraged customer complained. “Attempting to log any sort of complaint is virtually impossible despite the platitudes on the main web site about ‘making it easy to complain’.”
Another disappointed client revealed the amount stolen from his bank account was £20.63. He also said he has never used his card in an ATM or online.
The bank advised its clients who have not received any message to remain observant and report any suspicious activity on their accounts.
“If all transactions are familiar, it is highly likely that you have not been affected,” the bank said in a statement. “For those impacted we will re-issue you with a card within 7-10 days and until then you can continue to use your existing card for Chip & Pin transactions only.”
The hack is the first on a British bank that is known to have resulted in customers losing money. It has been reported previously that the UK banking sector is under a constant siege of cyber-attacks with millions of attacks of various levels of sophistication happening every month. Crime-fighting authorities have complained that banks tend to avoid reporting the attacks for fear of damage to their reputations.
The UK Financial Conduct Authority (FCA) registered 75 incidents of cyber-attacks reported by financial institutions in 2016: a 15-fold increase from 2014. This number, however, is believed to be only the very tip of the iceberg.
HSBC issued a series of apologies to customers earlier this year after its UK personal banking websites were shut down by a ‘denial of service’ attack, but no customer funds were at threat during that breach.