Tesco Bank blames cyber attack for account loses

Tesco Bank’s chief executive has attributed “a systematic, sophisticated strike” for the cash taken from 20,000 of its customer accounts.
Benny Higgins said the bank knew “exactly” what the attack was, but cannot say more because it was part of a criminal investigation.
He said all affected customers would be refunded by the end of Tuesday.

About 40,000 accounts saw questionable transactions over the weekend, of which half had cash taken .
But it said customers would still be able to use their cards for cash withdrawals and chip and pin payments, while direct debits and bill payments would continue as normal.

“We are working hard to resume regular service on current accounts as soon as possible,” said Mr Higgins.
Earlier, the bank confirmed some accounts “have been subject to on-line criminal action, in some cases resulting in money being withdrawn fraudulently”.
Mr Higgins also apologised for the “worry and irritation” that customers have faced.

One cybersecurity expert said this could be an unprecedented breach at a British bank.

“I have not learned of an attack of this nature and scale on an UK bank where it appears the bank’s central system is the target,” said Prof Alan Woodward, a security consultant who has worked with Europol.
Over the weekend, customers complained about cards, money being drawn without permission and long delays to get through to the bank on the phone.
“Customers are not at financial risk.”

The bank has greater than seven million customer accounts and 4,000 staff, based in Edinburgh, Glasgow and Newcastle.