Big Hack At Tesco Bank – Money Vanished

Uploaded on 2016-11-08 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Tesco Bank has halted online payments for current account customers after ‘over £10m’ was taken from 20,000 accounts.

The bank's chief executive Benny Higgins said he was "very hopeful" customers would be refunded within 24 hours. About 40,000 accounts saw suspicious transactions over the weekend, of which half had money taken, he said.

Customers will still be able to use their cards for cash withdrawals, chip and pin payments, and bill payments.

They can also use online banking, but cannot make online transactions until the situation is back under control, Mr Higgins told the BBC's Today programme. And an employee told CSI that over £10 m was thought to have been taken.

Earlier, the bank confirmed some accounts "have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently". Mr Higgins also apologised for the "worry and inconvenience" that customers have faced.

One cybersecurity expert said this could be an unprecedented breach at a British bank. "I've not heard of an attack of this nature and scale on a UK bank where it appears that the bank's central system is the target," said Prof Alan Woodward, a security consultant who has worked with Europol.

Recently, customers complained about money being withdrawn without permission, cards being blocked and long delays to get through to the bank on the phone.

"Any financial loss that results from this fraudulent activity will be borne by the bank," Mr Higgins said. "Customers are not at financial risk."

Tesco has yet to use the word "hacking" to describe the breach. The bank has more than seven million customer accounts and 4,000 staff, based in Edinburgh, Glasgow and Newcastle.

Kevin Smith, from Blackpool, said he had lost £500 from one account and £20 from another. He said: "I was just about to go to bed when I received a text message from Tesco saying there had been fraud on my account. So of course you panic."

Alan Baxter, from Berwick-upon-Tweed, said he had lost £600, leaving him with just £21.88 in the bank. He said: "Tesco said they couldn't offer me emergency funds but would offer £25 as a goodwill gesture.

"I've got food and petrol to pay for. I have a delivery of coal coming tomorrow for our coal-fired heater and I won't be able to pay."

'Money has vanished'

Other customers complained on Tesco Bank's website and through social media about long delays when calling the company's customer service line to find out if their account was affected.

Mark Noakes, from Thrapston, told the BBC: "Looked at my account this morning to find a large hole! There was £2 in there; there should have been a lot more! "Finally got through to customer services to be told it would take 48 hours to sort as there had been a lot of transactions on my account that could not be linked to me or my wife.

"For such a big company they are not being professional. I'm doing well compared to some others as I have another bank account and this will all get sorted somehow."

Make no mistake, while Tesco Bank is stressing that relatively small amounts were taken from 20,000 accounts, this is a very serious security incident. All Tesco Bank will say is that it has been the victim of "online criminal activity" so we have little detail on the nature of the attack.

But what is different is that it involves tens of thousands falling victim in a 24-hour period to what appears to be an automated process, rather than individuals clicking on links in phishing emails or having their details stolen after downloading malicious software.

That could involve the attackers exploiting a vulnerability in the bank's website - or even gaining physical access to a branch and then the central systems. Whatever has happened, the damage to trust in Tesco Bank and online banking in general will be greater than the financial cost.

Action and arrests

A National Crime Agency (NCA) spokesman confirmed it leading the investigation into the case, but stressed there was "no set formula" for dealing with cyber-attacks, which tend to vary in terms of sophistication. "It will be investigated and hopefully that will lead to action and arrests," he said.

The UK's data regulator, the Information Commissioner's Office, also said it was looking into the case and could investigate if customers' personal data has not been kept secure.

Tesco Bank said: "We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, Twitter, and direct communication."

Refund rules

UK bank customers have had money stolen from their online accounts by criminals before. Last year, the NCA warned internet users to protect themselves against a strain of malicious software, which had enabled criminals to steal an estimated £20m from UK bank accounts.

The Financial Conduct Authority says banks must refund unauthorised payments immediately, unless they have evidence that the customer was at fault or the payment was more than 13 months ago. Banks are also required to refund any charges or interest added to your account as a result of the fraudulent payments.

Tesco Bank has been owned by Tesco plc since 2008, after starting as a joint venture with Royal Bank of Scotland. Shares in Tesco fell 1% in morning trading.

BBC:                           Hackers Target All The Major UK Banks:
 

« Is The CIA Ready For Post-Election Chaos?
International Police Start Crackdown On The Darknet »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

CI-CERT

CI-CERT

CI-CERT is the national Computer Incident Response Team for Cote d'Ivoire.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

AnChain.AI

AnChain.AI

AnChain.AI's analytics platform proactively protects crypto assets by providing proprietary artificial intelligence, knowledge graphs, and threat intelligence on blockchain transactions.

Ackcent Cybersecurity

Ackcent Cybersecurity

Ackcent's mission is to help our clients to protect their critical digital assets by providing them with a portfolio of specialised professional services.

Center for Infrastructure Assurance and Security (CIAS)

Center for Infrastructure Assurance and Security (CIAS)

CIAS is developing the world's foremost center for multidisciplinary education and development of operational capabilities in the areas of infrastructure assurance and security.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

PCCW Global

PCCW Global

PCCW Global is a leading communications service provider, offering mobility, voice and data solutions to multinational enterprises, telecomms partners, cloud and application service providers.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.

Apex iQ (ApexiQ)

Apex iQ (ApexiQ)

ApexiQ is a continuous asset assurance platform that empowers you with the confidence to make better data-driven decisions and take automated action to reduce your risk.

Affinity Technology Partners

Affinity Technology Partners

Affinity Technology Partners has been fueling the growth of Nashville, Tennessee businesses and nonprofits with reliable IT services since 2002.