Tesco Bank Accounts Hacked
Thousands of accounts are reported to have been affected and payment cards frozen after money was stolen from directly from the accounts of those banking with Tesco Bank. In a statement yesterday (Sunday 6th November) Tesco Bank confirmed the hack:
“Yesterday evening, we identified some suspicious activity in a small proportion of our customer’s current accounts. We have taken steps to protect these account holders and are contacting affected customers by text message. We can reassure our customers that they will not lose out as a result.”
It continued: “If you are concerned but have not received a text message, please check your account for any unusual transactions. If all transactions are familiar, it is highly likely that you have not been affected. For those impacted we will re-issue you with a card within seven-10 days and until then you can continue to use your existing card for chip and pin transactions only. We are sorry for any inconvenience.”
In the thousands but less than 10,000
With 7.8 million customer accounts, Tesco Bank speculated that the number of customers affected were in their thousands but less than ten thousand. But even with Benny Higgins, Tesco Bank CEO, promising that “any financial loss as a result of this activity will be resolved fully by Tesco Bank”, from news reports and comments by Teco Bank account holders on social media,the attack has left many account holders with problems this Monday morning with one mum saying yesterday that the problems meant she would be “unable to feed my kids in school tomorrow”.
At this moment there is ongoing investigation and we have no confirmation on how this attack has been carried out. What is known is that the fraudulent activity was indescriminate and may still not have been contained even as late as yesterday afternoon if, as some reports show, the bank had been alerted in the morning, yet customers still noticed more funds missing in the afternoon.
“The account is still leaking money which is quite worrying,” said another account holder. “We never used the cards for online purchases so this hasn’t come from us putting the card details on a website. This must have come from Tesco’s system” she speculated.
UPDATE
Further breaking reports this morning show that 20,000 accounts were affected. If Tesco bank gives each customer £25 to each (which it is reportedly offering) that would come to half a million pounds outlay over this event. At the time of writing, Tesco Bank are still not using the word ‘hacking’ to describe what has happened to them over the weekend. As a financial organisation, Tesco Bank will be under significant regulatory requirements especially in regard to protecting against cyber attacks. If this is found to be due to breached defences and undetected vulnerabilities, we should expect much more significant repercussions including significant fines.
Rising impact of cyber attacks on individuals
Banks are ever popular targets for cyber attacks. In the last couple of years cyber attacks like that on Bangladesh Bank, where $81 million USD was stolen from the central reserve, targeted the digital infrastructure of the targeted banks and exploiting weaknesses in the systems that connect banks to the global SWIFT (The Society for Worldwide Interbank Financial Telecommunication) network.
Swift Chief Executive Gottfried Leibbrandt shared warned of fresh attacks in a speech at the company’s annual Sibos conference in Geneva in September. “The attacks will continue and get more sophisticated. We are certainly not taking a break,” said Mr. Leibbrandt. “I believe that in cyber, only the paranoid survive.”
Whilst the sums being stolen are much smaller, the main thing that makes the attack on Tesco Bank different from the huge SWIFT-based attacks, is that this is much closer to home – not just that it’s an attack on a UK bank, but one that is directly on people’s accounts with immediate effects on their daily lives.
Infosec Partners can help
In today’s world, our lives are under attack like never before. The boundaries between our public, work and private lives have never been more blurred and our dependence on electronic communication and internet connectivity means there are many more avenues of attack for criminals who are actively targeting our personal and financial data, safety and reputation.
From significant global organisations to high profile individuals and families, Infosec Partners are trusted to optimise defences and protect against cyber attacks. Whether providing fully managed security services, independently testing your cyber readiness or providing crisis management and responding to incidents, Infosec Partners are proven partners of excellence and full-spectrum security experts that puts your security first.
Contact us today for more information and for your free consultation, by completing the adjacent form or call us to speak with one of our trusted advisors immediately:
+44 (0)1256 893662
