Once again, the importance of cyber security is on everyone’s minds as the UK's Tesco Bank has suspended online banking payments, following a breach of 40,000 accounts. Half of the affected accounts have had money withdrawn out of them, but the bank is assuring customers they will be refunded for all losses.
Over the weekend, thousands of customers overwhelmed the bank’s system by trying to get in touch with Tesco Bank’s customer support, following unauthorized money transfers. Around 20,000 accounts have had money stolen, according to Benny Higgins, the bank’s CEO. The bank, which has more than seven million customers, decided to stop online money transfers and payments until the situation is back under control, but chip and pin payments as well as ATM withdrawals are still accessible.
It’s currently unclear how this breach happened. Tesco Bank’s representatives haven’t made public any information on the breach, except to say that all the stolen cash will be refunded. However, security experts are warning that this attack may have come from different vectors both inside the company and outside of it. For example, Tesco Bank point-of-sale terminals may have been specifically targeted, or user data may have been accessed from inside of the company’s databases.
According to the law, banks must refund unauthorized payments alongside any interest or charges resulting from said payments, immediately. However, Tesco Bank customers have been publicly complaining that the bank is failing to do just that, offering only “goodwill” £25 temporary refunds for immediate needs.
Update: Tesco Bank has reached out to inform us that the issues have now been resolved and normal service reinstated. In total, the bank said, 9000 customers have had money taken out of their accounts, though the company insists that no personal data was compromised.
Tesco Bank says that all affected customers were reimbursed by Tuesday night, for a total estimated sum of £2.5 million. The company is continuing to work with authorities to determine how its security was breached and who is responsible.
The bank said:
Our first priority throughout this incident has been protecting and looking after our customers and we’d again like to apologise for the worry and inconvenience this issue has caused.
We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal. We’d also like to reassure our customers that none of their personal data has been compromised.