Last weekend cyber criminals broke into the computer systems of Tesco bank and stole £2.5million from the current accounts of 9,000 customers, making it the largest ever cyber-attack on a UK bank to have resulted in a major loss of money. One in 15 of the bank’s 136,000 current accounts were affected.
The online bank was reportedly warned about the breach by some of the cybersecurity firms much before it took place. Companies had discovered posts on various dark web forums whose members had described the lender as being a “cash milking cow” and that it was “easy to cash out” but the online bank had ignored the warning.
However, after being hit by the breach Tesco Bank responded quickly by suspending all online debit transactions – including contactless card payments – to prevent further criminal activity though cashpoint withdrawals and the use of chip and PIN card payments were still permitted.
It is not yet clear if there is any link between the breach and the claims. The bank declined to give details of the crime.
Normal services resumed by November 08 and refunds were initiated.
According to a report in the Sunday times, the money stolen was used to purchase thousands of low-priced goods using contactless mobile phone payments in Brazil and the US.
Tesco Bank has said that it will work with authorities and regulators to investigate the ‘systemic and sophisticated attack’. Meanwhile, an investigation is being led by the National Crime Agency.