Hackers Steal Money from 20,000 Tesco Bank Customers

 Tesco Bank, the banking arm of the supermarket behemoth has suspended it online banking services while freezing all online transactions after cybercriminals siphoned money from customer accounts over the weekend.

Tesco Bank has suspended online payments after hackers managed to compromise its systems before stealing tens of thousands of dollars from tens of thousands of accounts, according to multiple reports.

The news broke earlier today after Sky News revealed that Tesco Bank had ‘temporarily suspended’ all online transactions following a cyberattack.

Tesco Bank has temporarily suspended all online transactions from current accounts following confirmation of an online hacking attack

— Sky News Newsdesk (@SkyNewsBreak) November 7, 2016

Conflicting reports reveal differing numbers of the accounts that have been conclusively compromised. Business Insider reports that Tesco Bank CEO told a radio program that 40,000 accounts had suspicious transactions. Furthermore, Higgins added that the amount of money stolen was a “big number, but not a huge number.”

Of that number, 20,000 account holders saw money stolen from their accounts over the weekend. As a result, Tesco Bank halted online payments for current account customers, adding that customers will still be able to use their cards for cash withdrawals and point-of-sale payments using chip and pin.

So far, the bank has confirmed that certain customer accounts “have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently.”

Speaking to the BBC, one cybersecurity expert pinned the hack as an unprecedented breach. Professor Alan Woodward, a security consultant noted:

I’ve not heard of an attack of this nature and scale on a UK bank where it appears that the bank’s central system is the target.

Tesco Bank has over seven million customer accounts with some 4,000 staff. Higgins added he was “very hopeful” that customers would be refunded their stolen money within 24 hours.

Several impacted bank users took to social media, understandably worried about their missing money.

£1600 taken from my @tescobankhelp account! This is not acceptable. No txt message from you & can’t get through on phone. Please advise.

— Akshay Kumar (@inhis30s) November 6, 2016

@paullewismoney@tescobank text and email received. Logged online and £2000 missing from the account. Helpline not picking up. Worried!!!

— Ajeet Khatri (@AjeetKhatri) November 6, 2016

Cliff Moyce, a cybersecurity expert and head of financial services at tech consultancy DataArt weighed in on the cyber-thieves’ strategy to target the bank on a weekend.

The clever part was doing it over the weekend when banks are typically understaffed, and will respond more slowly. Automated fraud detection systems appear to have worked well, but a lack of people at desks will not have helped.

Image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.