Tesco Bank accounts frozen as cash taken from 20,000

News by Max Metzger

A cyber-attack over the weekend has stolen large sums of cash from tens of thousands of Tesco Bank Online customers, leading the bank to freeze customer accounts

Tesco Bank has frozen online banking transactions after 20,000 of its customers had money stolen from them over the weekend.

The ‘precautionary measure' was taken after around 40,000 customers of the supermarket's retail finance arm are alleged to have had suspicious activity on their current account. Of that, 20,000 are known to have reported money taken from their accounts without their consent.

Online transactions have been frozen by the bank to stem further potential thefts from current accounts. Benny Higgins, chief executive of the bank said in a statement that "as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts."

A statement posted on the Tesco Bank's website, said that “current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal.” Tesco Bank has also declared that it will refund customers who had money stolen.

While some have billed this as one of the ‘most serious' cyber heists to hit the banking sector, Javvad Malik, security advocate at Alien Vault told SCMagazineUK.com that this kind of heist is not quite an existential threat to online banking: “online banking is generally safe enough and fit for purpose. There are improvements being made, with many banks deploying card-reader or one-time-password tokens to customers which are needed to logon or to pay a new account. I say safe enough, because there is compensation, insurance, and other coverage in place. So as long as customers are refunded their money, and the losses remain within the banking fraud appetite, it remains a viable business model.”

That said, not much is yet known about the heists or exactly how many of the 136,000 current accounts that Tesco Bank holds have been compromised, but Malik has an idea. He told SC it is “likely that a main banking system that was compromised. I wouldn't be surprised if it turns out to be linked to either a compromised third party or an insider.”

It looks quite different to Ben Gidley, director of technology at Irdeto who told SC that “it is likely that some kind of hack targeting their customer's computer and/or mobile device was responsible for the cyber-attack given that only some accounts were breached. If a hacker was able to gain access to the bank server then the attack could have been much more devastating.”

Jamie Graves, CEO of ZoneFox suspects a third party is at fault here: “Many suggestions are pointing towards the fact a third-party retail partner was compromised. What is worrying for Tesco is that the now infamous Target breach in 2013 followed a similar trend and of course resulted in record amounts of customer information being compromised.”

“What is clear here is that the issue of supply chain or partner security is very real and very serious, given these partners can have a great deal of access to an organisation like Tesco's network. This effectively makes them an ‘insider' or ‘trusted party' within the walls of that company.”

Whatever the answer, financial institutions, filled with other people's money, provide rich pickings for cyber-criminals, . They'll try any number of tactics to get at that money. In this case, notes Andrew Bushby, UK director at Fidelis Cybersecurity, “What's noteworthy about this particular breach is how it was handled over the weekend.  While the customer service team at Tesco most likely did it all it could to advise customers, it simply didn't have enough resources to keep up with the flurry of concern both via phone and social media.” Tesco Bank did not respond for comment. 

See the SC Blog for more analysis of this story.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews