"Our first priority throughout this incident has been protecting and looking after our customers and we'd again like to apologise for the worry and inconvenience this issue has caused," said Tesco Bank CEO Benny Higgins.
The bank says it has finished refunding all current account customers who were victims of fraudulent online activity, with the cost of reimbursing 9,000 customers estimated to come to a total of £2.5 million.
Tesco Bank isn't going into details about how the cyberattack occurred, but confirmed it is continuing to work closely with the authorities and regulators in their criminal investigation of this incident.
The National Crime Agency, the Information Commissioner's Office, and the National Cyber Security Centre (NCSC) -- a newly launched arm of intelligence agency GCHQ -- are all investigating the attack.
"In the case of cyber related incidents, it can, on certain occasions, take a significant period of time to understand the incident given the technical complexities involved. So the story will emerge over time," said the NCSC.
Andrew Tyrie MP, chairman of the House of Commons Treasury Select Committee, says the Tesco Bank incident represents "just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption".
Tyrie will also be writing to Tesco Bank CEO Higgins to ask what actions are being taken to reduce the likelihood of a similar attack happening again. "We can't carry on like this," he said.
In total, Tesco Bank has seven million customers who use it for services including mortages, ISAs, and insurance. The bank launched its current account banking service in 2014.