A sophisticated cyberattack targeting Tesco Bank customers has seen a total of £2.5 million (approx. $3.11 million) stolen from some 9,000 customer accounts over the weekend.
At the time, Tesco Bank suspended all online banking services as a means to put a stop to tens of thousands of fraudulent transactions that took place during the weekend. All online transactions for all of its 136,000 current account holders were frozen by the bank.
Tesco Bank CEO Benny Higgins pointed to a “systematic, sophisticated cyberattack” while adding that no customer data was compromised as a result of the fraud, according to ZDNet.
In a statement, the chief executive added:
Our first priority throughout this incident has been protecting and looking after our customers and we’d again like to apologize for the worry and inconvenience this issue has caused.
The bank added that it has already completed refunds toward all impacted current account holders, costing it a total of £2.5 million towards reimbursing 9,000 customers.
Meanwhile, the National Crime Agency, the Information Commissioner’s Office and the National Cyber Security Centre (NCSC), an arm of UK intelligence agency GCHQ, are all investigating the cyberattack. The unprecedented cyberattack sees a successful heist after the compromise of a bank’s core infrastructure. Tesco Bank has over seven million customers who use the bank for services including insurance and mortgages. The bank’s current banking service was only launched recently in 2014.
The UK has seen significant cybersecurity compromises this year, with the TalkTalk breach proving a notable example. Andrew Tyrie, a member of Parliament and chairman of the House of Commons Treasury Select Committee added that the Tesco bank compromise was “just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption.”
While the investigation carries on, there have been indications of any alleged hacker groups or cybercriminals behind the cyber-theft.
The NCSC stated:
In the case of cyber related incidents, it can, on certain occasions, take a significant period of time to understand the incident given the technical complexities involved. So the story will emerge over time.
Image credit: Tesco Bank.