News

Tesco Bank confirms online account breach, theft of funds

November 8, 2016

Tesco Bank Chief Executive Benny Higgins has confirmed an online attack on the bank's systems last weekend that, "in some cases, resulted in money being withdrawn fraudulently," according to a press release from the U.K.-based FI.

A report by the BBC said the bank blamed a "systematic sophisticated attack" for the breach, which is estimated to have involved approximately 40,000 customer accounts, half of which reportedly had money stolen.

As a result of the attack, the bank has disabled online transactions from debit accounts, the press release said:

As a precautionary measure, we took the decision on Sunday 6 November 2016 to temporarily stop online transactions from current accounts. This will only affect current account customers. While online debit transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal.

The bank also sought to reassure customers who had money taken that they would be made whole, and expect refunds to be completed by end of day Tuesday.

Tesco Bank has not divulged details of the attack, but Higgins is quoted by the BBC as saying bank management and authorities know "exactly" how it occurred.

The U.K.'s National Crime Agency and the Information Commissioner's Office, which regulates data, are both investigating the attack.

Tesco Bank was created in 2008 as a joint venture with the Royal Bank of Scotland, and is owned by the U.K.-based multinational grocery and general merchandise retailer Tesco PLC, one of the world's five largest retail chains.