November 9, 2016 by

Tesco Bank Confirms Stolen Funds from CyberAttack

A sophisticated cyberattack targeting Tesco Bank customers has seen a total of £2.5 million (approx. $3.11 million) stolen from some 9,000 customer accounts over the weekend.

At the time, Tesco Bank suspended all online banking services as a means to put a stop to tens of thousands of fraudulent transactions that took place during the weekend. All online transactions for all of its 136,000 current account holders were frozen by the bank.

Tesco Bank CEO Benny Higgins pointed to a “systematic, sophisticated cyberattack” while adding that no customer data was compromised as a result of the fraud, according to ZDNet.

In a statement, the chief executive added:

Our first priority throughout this incident has been protecting and looking after our customers and we’d again like to apologize for the worry and inconvenience this issue has caused.  

The bank added that it has already completed refunds toward all impacted current account holders, costing it a total of £2.5 million towards reimbursing 9,000 customers.

Meanwhile, the National Crime Agency, the Information Commissioner’s Office and the National Cyber Security Centre (NCSC), an arm of UK intelligence agency GCHQ, are all investigating the cyberattack. The unprecedented cyberattack sees a successful heist after the compromise of a bank’s core infrastructure. Tesco Bank has over seven million customers who use the bank for services including insurance and mortgages. The bank’s current banking service was only launched recently in 2014.

The UK has seen significant cybersecurity compromises this year, with the TalkTalk breach proving a notable example. Andrew Tyrie, a member of Parliament and chairman of the House of Commons Treasury Select Committee added that the Tesco bank compromise was “just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption.”

While the investigation carries on, there have been indications of any alleged hacker groups or cybercriminals behind the cyber-theft.

The NCSC stated:

In the case of cyber related incidents, it can, on certain occasions, take a significant period of time to understand the incident given the technical complexities involved. So the story will emerge over time.  

Image credit: Tesco Bank.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

UK Includes Digital Forensics in £20 Million Cybersecurity Program for Schools

The UK Government has launched a £20 million initiative to encourage school children to enter a...

Read more arrow_forward

Report: Nearly Half(!) of all UK Businesses Struck by Cyberattacks

Nearly half of all UK businesses have suffered a cyberattack or a breach in 2016, according to an...

Read more arrow_forward

Three Mobile Breach Affects over 133,827 Customer Accounts

A data breach targeting prominent UK mobile network provider Three Networks sees a total of 133,827...

Read more arrow_forward