
Tesco was warned before hack – claim cyber security firms

Tesco Bank was warned about criminals boasting on the dark web that they could easily steal money from the online bank in the weeks before it revealed that 9,000 accounts were breached and £2.5m stolen.

Reports said that Cyberint, a security firm, had found and warned Tesco Bank about conversations on forums claiming that it was a ‘cash milking cow’ and that it was ‘easy to cash out.’

There is no evidence that the boasts and the subsequent large-scale hack were linked.

Last week the bank issued prepared statements acknowledging the hack, apologising and saying that money had been refunded.


The FT reported that another company, Codified Security, said its researchers found vulnerabilities but were rebuffed when they tried to contact the bank.

Tesco told the FT that it received lots of approaches from consultants.

Other reports in the Sunday Times said that the money stolen had been used by a gang purchasing thousands of low-priced goods using contactless mobile phone payments in Brazil and the US.

CBR asked experts what the bank had to do next and whether any arrests were likely to be made.


Tesco issued the following statement on Nov 8th.

Tesco Bank announces full service has resumed for customers

Tesco Bank today confirmed normal service has resumed following the temporary suspension of online transactions from current accounts.

The Bank also confirmed that personal data was not compromised as a result of fraud that took place over the weekend of 5-6 November and that online transactions had been suspended to prevent criminal activity.

Tesco Bank CEO, Benny Higgins commented:

“Our first priority throughout this incident has been protecting and looking after our customers and we’d again like to apologise for the worry and inconvenience this issue has caused.

“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal.  We’d also like to reassure our customers that none of their personal data has been compromised.”

Tesco Bank has now confirmed around 9,000 customers were affected by these fraudulent transactions and all customers affected were fully reimbursed by the evening of Tuesday 8 November. The total cost of refunding these customers is estimated to be £2.5 million.

Tesco Bank confirmed it is continuing to work closely with the authorities and regulators in their criminal investigation of this incident.

Notes to editors

  1. Tesco Bank has 7.8 million customer accounts across the UK. 136,000 customers hold current accounts with the Bank, of these 9,000 were identified as being victims of fraud.
  1. Although services such as mobile banking, cash withdrawals, chip and pin payments, existing bill payments and direct debits have continued as normal throughout this incident, Tesco Bank suspended online debit transactions as a precautionary measure on Monday 7 November. This suspension has now been lifted and normal service was resumed for customers on Tuesday 8 November.

This article is from the CBROnline archive: some formatting and images may not be present.