Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Essential Retail Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Tesco Bank pays out £2.5m refunding customers after cyber attack

Tesco Bank has confirmed that normal service has resumed across all of its services, following the cyber attack it experienced at the weekend.

The temporary suspension of online transactions from current accounts, which was put in place as Tesco Bank addressed the situation this week, has now been lifted. Tesco Bank said that by yesterday evening all of the approximate 9,000 customers who lost money as a result of the fraudulent activity had been refunded at an estimated cost of around £2.5 million.

It was also confirmed that personal data was not compromised as a result of fraud and online transactions were suspended to prevent criminal activity.

Benny Higgins, CEO of Tesco Bank, remarked: "Our first priority throughout this incident has been protecting and looking after our customers and we'd again like to apologise for the worry and inconvenience this issue has caused."

Tesco Bank, which has 7.8 million customer accounts across the UK and 136,000 customers who hold current accounts with the bank, confirmed it is continuing to work closely with the authorities and regulators in their criminal investigation of this incident.

Security experts have speculated the Tesco hacking incident may be the result of an inside job or a failure in internal processes, while it has been suggested that City regulators could fine Tesco Bank if failures in security and controls are exposed.

Professor Roy Isbell, the Institution of Engineering and Technology's (IET) cyber security expert, said: "While it's inevitable that everyone will now point the finger at Tesco's leadership for this security breach, it's worth bearing in mind that most organisations in the UK could find themselves in a similar position.

"Any organisation is at risk of being hacked today, however good their security measures. This is mainly because, while most have plans for how to cope with a hacking incident, few actually practice those plans or give sufficient thought to how to continually educate and train their staff – starting with the induction process.

"It's not uncommon for organisations to invest millions in cyber security technology countermeasures and protection, to only have this technology bypassed by an unwitting insider who succumbs to a social engineering attack. All staff have to be trained in how to recognise these attacks. There is a tendency to forget that even the most sophisticated cyber security plans can easily unravel if people at all levels of the organisation, including its leadership, are not fully aware of the latest trends and threats."