Around 9,000 Tesco Bank customers had their accounts raided by hackers last week, with an estimated total of £2.5 million stolen.
Worried about fraud?
Learn the tell-tale signs and how to protect yourselfAnti-fraud tips
Tesco Bank confirmed “fraudulent criminal activity” was first identified late on Saturday 5 November. The bank froze online payments until Tuesday 8 November.
Meanwhile, customers reported their accounts missing sums of money up to £700.
Tesco Bank has yet to disclose the full details of the hack, but there are a few theories on what may have happened:
- Hackers broke through the bank’s security systems and took the money directly. This is the most unlikely theory and many security experts don’t think criminals have the ability to do this, however it would have alarming implications for the entire UK banking industry if this is what happened.
- Fraudsters obtained Tesco Bank customer’s details with a an email phishing scam. Phishing is one of the most common scam types, where customers are tricked into sharing details with a fraudulent imitation of a bank. If this is the case, this would be one of the biggest successful phishing scams ever to the UK.
- Fraudulent employees within the bank disclosed details to hackers. Whilst all bank employees undergo criminal background checks before being employed, it could be possible this was an inside job perpetrated by rogue employees.
Tesco Bank, the Financial Conduct Authority (FCA), the National Crime Agency and GCHQ’s National Cyber Security Centre are currently investigating the case.
All of Tesco Bank’s customers were fully reimbursed by the end of the week, and they stated “that personal data was not compromised as a result of fraud that took place over the weekend of 5-6 November”.
Millions remain exposed
While the Tesco bank cyber security breach is “unprecedented”, experts are concerned there may be more to follow in the banking sector.
Andrew Bailey, Chief Executive of the FCA, commenting on the Tesco breach to a parliamentary select committee said:
“Millions of customers remain unnecessarily exposed to the risks of IT failures, including delays in paying bills and an inability to access their own money. We can’t carry on like this.”
Your rights if you’ve been hacked
If money has been stolen from your bank account, you should be refunded as soon as possible by your bank. Your rights are protected as part of the Payment Services Regulations.
While most of the time your bank will take immediate action around any fraud, as happened with Tesco bank, you should notify your bank the moment you notice suspicious, as you may be held liable for unauthorised withdrawals up to a maximum of £50.
It’s important to stay vigilant
Tashema Jackson, money expert at uSwitch.com, said:
“It’s important that consumers stay vigilant and keep their eyes peeled for any suspicious activity. Tesco Bank customers who have had their online payments frozen should contact the company or person they’re paying, and let them know there may be a delay.
“This is especially important for those making credit card, loan, or mortgage repayments, as failure to make that payment could impact your credit file.”
Are you Scam Aware?
Learn the tell-tale signs of fraud and how to protect yourself with the uSwitch anti-fraud campaignAnti-fraud tips
Check your credit report
Checking your credit report regularly is a good way to keep an eye on your finances and try to avoid being a fraud victim.