Tesco Bank says £2.5m was stolen from 9,000 customers in cyberattack

Banking services now back online as Tesco Bank says cyberattack affected fewer current account holders than initially suspected.

tesco-bank.jpg

Tesco has refunded 9,000 customers a combined total of £2.5m.

Image: Tesco Bank

A total of £2.5 million was stolen from 9,000 Tesco Bank customers in a sophisticated cyberattack last weekend, the bank has confirmed.

The bank has also said that all account services have now returned to normal after all online transactions for all of its 136,000 current account holders were frozen following what the bank called "online criminal activity" spotted over the weekend.

Tesco Bank blamed the incident on a "systematic, sophisticated cyberattack" but said personal data was not compromised as a result of the fraud.

"Our first priority throughout this incident has been protecting and looking after our customers and we'd again like to apologise for the worry and inconvenience this issue has caused," said Tesco Bank CEO Benny Higgins.

Twitter phishing campaign targets customers of all major UK banks

Cybercriminals are using social media to trick customers into handing over their online banking credentials.

Read More

The bank says it has finished refunding all current account customers who were victims of fraudulent online activity, with the cost of reimbursing 9,000 customers estimated to come to a total of £2.5 million.

Tesco Bank isn't going into details about how the cyberattack occurred, but confirmed it is continuing to work closely with the authorities and regulators in their criminal investigation of this incident.

The National Crime Agency, the Information Commissioner's Office, and the National Cyber Security Centre (NCSC) -- a newly launched arm of intelligence agency GCHQ -- are all investigating the attack.

"In the case of cyber related incidents, it can, on certain occasions, take a significant period of time to understand the incident given the technical complexities involved. So the story will emerge over time," said the NCSC.

Andrew Tyrie MP, chairman of the House of Commons Treasury Select Committee, says the Tesco Bank incident represents "just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption".

Tyrie will also be writing to Tesco Bank CEO Higgins to ask what actions are being taken to reduce the likelihood of a similar attack happening again. "We can't carry on like this," he said.

In total, Tesco Bank has seven million customers who use it for services including mortages, ISAs, and insurance. The bank launched its current account banking service in 2014.

Read more on cybercrime

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All