The Financial Times says Tesco Bank ignored warnings about its cyber weakness, which led to around 9,000 customers losing £2.5m from their accounts.
Customer Apology and Update
Normal service resumed at Tesco Bank on Wednesday 9 November 2016 following the temporary suspension of online debit transactions from current accounts on Monday 7 November 2016.
We have refunded all customer accounts which were affected by the fraud on 5/6 November and are taking every step to compensate anyone who has been out of pocket as a result of the incident.
We are limited by what we can say publicly about how the attack took place, as this is still a criminal investigation, but we want you to know that the security and protection of your money and information remains our number one priority.
Thank you for your ongoing patience, and again, let me apologise for the inconvenience caused. We will do everything it takes to ensure you can have confidence in Tesco Bank.
In addition, the FT says the bank was also the subject of an earlier attack orchestrated by a criminal gang who purchased low-priced goods using contactless mobile phone payments at retailers in Brazil and the USA.
Cybersecurity company Cyberint said it had discovered posts on a variety of dark web forums whose members had described the lender as being a “cash milking cow” and “easy to cash out”.
It is not clear, however, whether there is any link between these claims and the money stolen just over a week ago.
Fiserv, who were mentioned in the earlier post on the latest attack, told me:
We can confirm that Tesco Bank is a client. We have been made aware of the incident mentioned in your blog. Neither Fiserv software nor our services were involved in the incident that Tesco Bank experienced over the weekend of 5 November. Nonetheless, we are offering our support in whatever manner will be helpful to Tesco Bank.