Retailer Tesco PLC’s banking arm on Tuesday said that £2.5 million (US$3 million) had been stolen from 9,000 customers over the weekend in what cyberexperts said was the first mass hacking of accounts at a Western bank.
Tesco Bank said it had resumed full service after the theft, which forced the suspension of online transactions on Monday.
“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” Tesco Bank CEO Benny Higgins said in a statement.
The bank, whose operating income has accounted for as much as a quarter of Tesco’s total in some years, added that no customer data had been compromised.
The National Cyber Security Centre (NCSC), a new government body, on Tuesday said that it was working with criminal investigators and Tesco to understand the nature of an attack described as “unprecedented” by the financial regulator.
The NCSC and National Crime Agency said they could not remember another confirmed case where thieves had stolen large sums of money via a mass hacking of accounts at a Western bank.
The bank has provided few details about what happened. It is not clear how online thieves broke into the bank, how they pulled out the funds or how much was stolen. It is also not clear if there are any suspects.
A spokeswoman for Tesco declined to comment beyond its previous statement on Monday.
Cyberexperts said that smaller banks, like Tesco’s, are more vulnerable to attack than global financial institutions, which have bigger cybersecurity budgets.
JPMorgan, for example, has disclosed that it spends about US$600 million on cybersecurity annually.
“Smaller and medium-sized companies may be more vulnerable; many of them have not invested properly in security measures and an incident like this should stimulate them to think again,” said Sergio Romanets, a cybersecurity expert at consultant Greyspark Partners in London.
Cyber and information technology (IT) security risks have received little coverage in Tesco Bank’s most recent annual report, according to a Reuters analysis, with just one mention — saying “of note is the industry-wide attention on cyber-crime”.
Rival J. Sainsbury PLC’s bank unit and Metro Bank PLC, two other smaller “challenger” banks in Britain, each mention cyber and information security at least three times in their most recent annual reports. By contrast, among the nation’s biggest banks, Santander UK has at least 49 mentions, Barclays at least 14 and Lloyds 32.
Tesco Bank runs on separate IT systems from the group’s retail unit. The lender was originally set up as a joint venture with Royal Bank of Scotland (RBS) and Tesco PLC in 1997, before becoming wholly owned by the retailer in 2008.
US financial technology provider Fiserv provides its online retail banking platform and its financial crime prevention system, according to Fiserv’s Web site.
“There is no indication that our software or services were involved in the incident that Tesco Bank experienced over the weekend. Nonetheless, we are offering our support in whatever manner will be helpful to Tesco Bank,” a spokeswoman for Fiserv said in an e-mailed statement.
Tesco Bank has spent £500 million building up its technology platform over the past seven years since the split with RBS, accounts showed.
Britain’s financial regulator sought to reassure the public that financial authorities were working to understand the nature of the attack.
On Monday, British lawmaker Andrew Tyrie, chair of parliament’s powerful finance committee, said both banks and regulators had done too little to improve cybersecurity.
Reported attacks on financial institutions in Britain have risen from just five in 2014 to more than 75 so far this year, according to Financial Conduct Authority data, but bank executives and providers of security systems say many attacks go unreported.
MULTIFACETED: A task force has analyzed possible scenarios and created responses to assist domestic industries in dealing with US tariffs, the economics minister said The Executive Yuan is tomorrow to announce countermeasures to US President Donald Trump’s planned reciprocal tariffs, although the details of the plan would not be made public until Monday next week, Minister of Economic Affairs J.W. Kuo (郭智輝) said yesterday. The Cabinet established an economic and trade task force in November last year to deal with US trade and tariff related issues, Kuo told reporters outside the legislature in Taipei. The task force has been analyzing and evaluating all kinds of scenarios to identify suitable responses and determine how best to assist domestic industries in managing the effects of Trump’s tariffs, he
TIGHT-LIPPED: UMC said it had no merger plans at the moment, after Nikkei Asia reported that the firm and GlobalFoundries were considering restarting merger talks United Microelectronics Corp (UMC, 聯電), the world’s No. 4 contract chipmaker, yesterday launched a new US$5 billion 12-inch chip factory in Singapore as part of its latest effort to diversify its manufacturing footprint amid growing geopolitical risks. The new factory, adjacent to UMC’s existing Singapore fab in the Pasir Res Wafer Fab Park, is scheduled to enter volume production next year, utilizing mature 22-nanometer and 28-nanometer process technologies, UMC said in a statement. The company plans to invest US$5 billion during the first phase of the new fab, which would have an installed capacity of 30,000 12-inch wafers per month, it said. The
Taiwan’s official purchasing managers’ index (PMI) last month rose 0.2 percentage points to 54.2, in a second consecutive month of expansion, thanks to front-loading demand intended to avoid potential US tariff hikes, the Chung-Hua Institution for Economic Research (CIER, 中華經濟研究院) said yesterday. While short-term demand appeared robust, uncertainties rose due to US President Donald Trump’s unpredictable trade policy, CIER president Lien Hsien-ming (連賢明) told a news conference in Taipei. Taiwan’s economy this year would be characterized by high-level fluctuations and the volatility would be wilder than most expect, Lien said Demand for electronics, particularly semiconductors, continues to benefit from US technology giants’ effort
‘SWASTICAR’: Tesla CEO Elon Musk’s close association with Donald Trump has prompted opponents to brand him a ‘Nazi’ and resulted in a dramatic drop in sales Demonstrators descended on Tesla Inc dealerships across the US, and in Europe and Canada on Saturday to protest company chief Elon Musk, who has amassed extraordinary power as a top adviser to US President Donald Trump. Waving signs with messages such as “Musk is stealing our money” and “Reclaim our country,” the protests largely took place peacefully following fiery episodes of vandalism on Tesla vehicles, dealerships and other facilities in recent weeks that US officials have denounced as terrorism. Hundreds rallied on Saturday outside the Tesla dealership in Manhattan. Some blasted Musk, the world’s richest man, while others demanded the shuttering of his