"The Money Has Vanished": Tesco Bank Halts Online Payments After Cash Taken Out Of 20,000 Accounts
While we doubt this particular intrusion will be blamed on Russian hackers, thousands of British citizens were unable to access their money today when Tesco Bank, the lending arm of the U.K.’s biggest grocer, said it suspended online transactions after about 20,000 customers had money fraudulently taken from their accounts. Tesco Bank has more than 7 million customer accounts in total across a range of products like insurance and mortgages.
According to Bloomberg, about 40,000 of the bank’s 136,000 checking account holders experienced suspicious transactions over the weekend, Tesco Bank Chief Executive Officer Benny Higgins told BBC Radio 4’s Today program. Roughly half, or 20,000, had money taken from their account. The problem has only affected checking accounts, a representative for the bank said. Customers can still use their account to withdraw money from cash machines or to pay for goods at a retailer, Higgins said. Any financial loss will be borne by the bank and customers are not at financial risk, he said.
Tesco has yet to use the word "hacking" to describe the breach, and CEO Higgins added tbat he was "very hopeful" customers would be refunded within 24 hours.
All Tesco Bank will say is that it has been the victim of "online criminal activity" so there was little detail on the nature of the attack, the BBC noted. But what is different is that it involves tens of thousands falling victim in a 24 hour period to what appears to be an automated process, rather than individuals clicking on links in phishing emails or having their details stolen after downloading malicious software.
That could involve the attackers exploiting a vulnerability in the bank's website - or even gaining physical access to a branch and then the central systems. Whatever has happened, the damage to trust in Tesco Bank and online banking in general will be greater than the financial cost.