
Tesco's website restored after suspected cyberattack

Outage left customers frantically trying to cancel orders after turning to Tesco rivals for the week's groceries.
Written by Liam Tung, Contributing Writer on

UK supermarket giant Tesco has restored access to its website and app after an outage struck the service on Saturday, preventing customers from ordering or cancelling deliveries until Sunday evening.

In a statement to The Guardian, Tesco said that "an attempt was made to interfere with our systems, which caused problems with the search function on the site."

The retailer, whose 1.3 million online orders per week account for nearly 15% of its UK sales, said there was no reason to believe the attempted interference impacted customer data. 


Tesco confirmed on Sunday evening that its website and app were now restored, but that it was using a virtual waiting room to handle a backlog in orders.  

"Our groceries website and app are back up and running. To help us manage the high volume we're temporarily using a virtual waiting room. We're really sorry for any inconvenience and thank you for your patience," Tesco said on Twitter.

Tesco Bank was fined £16.4m by the UK's Financial Conduct Authority (FCA) over a 2016 incident in which cyber attackers stole £2.26m from 9,000 customers. The FCA found multiple flaws in the design of its debit card system. For example, Tesco Bank inadvertently issued debit cards with sequential primary account numbers (PANs). The company was also criticised for its slow response to the fraudulent transactions. 

Tesco grocery customers have complained about its handling of orders and cancellations during the website outage. Some customers said they were told on Saturday to cancel their orders, but subsequently were informed Tesco was unable to access or change any orders. Other customers reported on social media they were trying to beat the 11:45pm cut-off time to cancel orders after placing orders with rival supermarkets.  

In the US, the FBI recently warned that the food and agriculture sector was increasingly the focus of ransomware attacks that threatened to disrupt the food supply chain. It followed an attack on global meatpacking business JBS, which paid the attackers $11 million to restore access to encrypted data.   

Swedish grocery chain Coop was unable to take card payments at its stores for three days earlier this year after ransomware attackers targeted managed IT service providers via a tainted software update to Kaseya's products.

Tesco last year reissued 600,000 Clubcard cards after discovering a security issue that allowed attackers to use credentials from other platforms on its own websites to redeem vouchers. An increasingly common attack is known as password spraying, where lists of commonly used passwords are used to gain access to other unrelated accounts. 
