Money stolen from 20,000 Tesco Bank customers in hack attack
Nearly 20,000 Tesco Bank customers have had money stolen from their accounts in what is thought to be the most serious hack on the UK banking sector in recent history.
The bank said it is working to refund all affected customers after money was fraudulently withdrawn from 20,000 of its 136,000 current accounts over the weekend. Meanwhile, suspicious activity was tracked across 40,000 of its customer accounts.
Online transactions have been temporarily frozen as part of emergency security measures.
A spokesman would not disclose the total amount that has been stolen from the accounts, adding that the incident is currently being treated as a "criminal investigation".
"Tesco Bank can confirm that, over the weekend, some of its customer current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently," chief executive Benny Higgins said in a statement.
Mr Higgins said customers affected by the block will still be able to withdraw cash and use other services like chip and pin payments, while bill payments and direct debits "will continue as normal".
Mr Higgins issued an apology to customers and said the bank would refund customers as soon as possible.
"We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank. This afternoon we began the process of refunding all customer current accounts that have been subjected to online criminal activity and we expect this process to be completed by the end of tomorrow."
Ashley Winton, a data protection and privacy partner at law firm Paul Hastings, said the proportion of accounts affected by the hack makes it a "very significant breach," adding that the typical hack tends to impact around 5-10% of customer accounts.
Based on the account tallies provided by Tesco Bank, over 14% of customer accounts have been breached.
Peter Roe, of IT analyst firm TechMarketView, said: ' "This looks like the most serious, and certainly the most visible, of the various difficulties suffered by the UK banking sector in recent times. The number of accounts affected suggests that this is a systemic failure of security around Tesco's core database."
The bank is now working with authorities and regulators including the Financial Conduct and National Crime Agency to address the circumstances regarding the attack.
Meanwhile, Treasury Committee chairman and Tory MP Andrew Tyrie said he will be writing to Tesco's chief executive to find out what went wrong and what steps are being taken to reduce the likelihood of a similar hack happening again.
He said: "This is just the latest in a long list of failures and breaches of banking IT systems, exposing many thousands of customers to uncertainty and disruption."
Mr Tyrie added: "Making sure that banks improve their IT systems, and their resilience to cybercrime, is also a responsibility of regulators. We will raise this issue with them again shortly. We can't carry on like this."