Several thousands of current account holders of Tesco Bank have been hit by fraudulent activity making this one of the first major cybercrime cases that has impacted a major bank. The bank has frozen over 40,000 accounts which were impacted by the crime and has promised to reimburse those who have reported loss of money from their accounts.
Benny Higgins, chief executive of the bank, which is a division of the supermarket chain giant Tesco said that the online transactions for current accounts were stopped as a precaution to protect customers. Around half of the 40,000 accounts impacted have seen unauthorized withdrawal of funds.
In a statement Higgins said
We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts. That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers.
Financial Times
The bank has around 7 million customers and has been trying gain a foothold in the banking industry, battling giants like Lloyds, Barclay and HSBC with attractive offerings such as 3 percent interest on balances reaching £3,000 and permitting two accounts per customer. Higgins provided no information on how the breach occurred but said that the cause had been identified, calling it a sophisticated systemic attack. He added that Tesco was working with all relevant authorities to address the issue. He has also reassured customers that it will be compensating account holders who have suffered financial loss. Higgins stated that the bank’s customers would be regularly updated via direct communication and other channels such as Twitter, emails or website updates.
Customers had noticed suspicious activity in their accounts over the past weekend and reported it to the bank. The bank also sent text alerts to customers on Saturday warning them of fraudulent activities. Several customers have reported money missing, all the way up to £600.
UK’s regulatory body, the Financial Conduct Authority (FCA) is monitoring the issue. Tesco has also notified The National Crime Agency who could launch an investigation into the matter along with other relevant agencies. The Information Commissioner’s Office (ICO) has said that it is aware of incident and is examining the issue. The ICO spokesperson said that if there are indications of inadequate data protection measures within Tesco, it would launch a full investigation.
