Retailer Tesco PLC’s banking arm on Tuesday said that £2.5 million (US$3 million) had been stolen from 9,000 customers over the weekend in what cyberexperts said was the first mass hacking of accounts at a Western bank.
Tesco Bank said it had resumed full service after the theft, which forced the suspension of online transactions on Monday.
“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” Tesco Bank CEO Benny Higgins said in a statement.
The bank, whose operating income has accounted for as much as a quarter of Tesco’s total in some years, added that no customer data had been compromised.
The National Cyber Security Centre (NCSC), a new government body, on Tuesday said that it was working with criminal investigators and Tesco to understand the nature of an attack described as “unprecedented” by the financial regulator.
The NCSC and National Crime Agency said they could not remember another confirmed case where thieves had stolen large sums of money via a mass hacking of accounts at a Western bank.
The bank has provided few details about what happened. It is not clear how online thieves broke into the bank, how they pulled out the funds or how much was stolen. It is also not clear if there are any suspects.
A spokeswoman for Tesco declined to comment beyond its previous statement on Monday.
Cyberexperts said that smaller banks, like Tesco’s, are more vulnerable to attack than global financial institutions, which have bigger cybersecurity budgets.
JPMorgan, for example, has disclosed that it spends about US$600 million on cybersecurity annually.
“Smaller and medium-sized companies may be more vulnerable; many of them have not invested properly in security measures and an incident like this should stimulate them to think again,” said Sergio Romanets, a cybersecurity expert at consultant Greyspark Partners in London.
Cyber and information technology (IT) security risks have received little coverage in Tesco Bank’s most recent annual report, according to a Reuters analysis, with just one mention — saying “of note is the industry-wide attention on cyber-crime”.
Rival J. Sainsbury PLC’s bank unit and Metro Bank PLC, two other smaller “challenger” banks in Britain, each mention cyber and information security at least three times in their most recent annual reports. By contrast, among the nation’s biggest banks, Santander UK has at least 49 mentions, Barclays at least 14 and Lloyds 32.
Tesco Bank runs on separate IT systems from the group’s retail unit. The lender was originally set up as a joint venture with Royal Bank of Scotland (RBS) and Tesco PLC in 1997, before becoming wholly owned by the retailer in 2008.
US financial technology provider Fiserv provides its online retail banking platform and its financial crime prevention system, according to Fiserv’s Web site.
“There is no indication that our software or services were involved in the incident that Tesco Bank experienced over the weekend. Nonetheless, we are offering our support in whatever manner will be helpful to Tesco Bank,” a spokeswoman for Fiserv said in an e-mailed statement.
Tesco Bank has spent £500 million building up its technology platform over the past seven years since the split with RBS, accounts showed.
Britain’s financial regulator sought to reassure the public that financial authorities were working to understand the nature of the attack.
On Monday, British lawmaker Andrew Tyrie, chair of parliament’s powerful finance committee, said both banks and regulators had done too little to improve cybersecurity.
Reported attacks on financial institutions in Britain have risen from just five in 2014 to more than 75 so far this year, according to Financial Conduct Authority data, but bank executives and providers of security systems say many attacks go unreported.
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday obtained the government’s approval to inject an additional US$7.5 billion into its US subsidiary, the Department of Investment Review said in a statement. The department approved TSMC’s application of investing in TSMC Arizona Corp, which is engaged in the manufacturing, sales, testing and design of IC and other semiconductor devices, it said. The latest capital injection follows a US$5 billion investment for TSMC Arizona approved in June. The chipmaker has broken ground on two advanced fabs in Arizona with aggregated investments approved by the department totaling US$24 billion thus far. According to TSMC, the first Arizona
PROTECTIONISM: China hopes to help domestic chipmakers gain more market share while preparing local tech companies for the possibility of more US sanctions Beijing is stepping up pressure on Chinese companies to buy locally produced artificial intelligence (AI) chips instead of Nvidia Corp products, part of the nation’s effort to expand its semiconductor industry and counter US sanctions. Chinese regulators have been discouraging companies from purchasing Nvidia’s H20 chips, which are used to develop and run AI models, sources familiar with the matter said. The policy has taken the form of guidance rather than an outright ban, as Beijing wants to avoid handicapping its own AI start-ups and escalating tensions with the US, said the sources, who asked not to be identified because the
Her white-gloved, waistcoated uniform impeccable, 22-year-old Hazuki Okuno boards a bullet train replica to rehearse the strict protocols behind the smooth operation of a Japanese institution turning 60 Tuesday. High-speed Shinkansen trains began running between Tokyo and Osaka on Oct. 1, 1964, heralding a new era for rail travel as Japan grew into an economic superpower after World War II. The service remains integral to the nation’s economy and way of life — so keeping it dazzlingly clean, punctual and accident-free is a serious job. At a 10-story, state-of-the-art staff training center, Okuno shouted from the window and signaled to imaginary colleagues, keeping
STRATEGIC PARTNERSHIP: The plant would make infrared, gallium nitrade and silicon carbide chips as India attempts to develop a semiconductor value chain The US and India reached an agreement to work together on setting up a semiconductor fabrication plant in the South Asian nation, giving a boost to Indian Prime Minister Narendra Modi’s efforts to bolster manufacturing in the country. The proposed plant would make infrared, gallium nitride and silicon carbide semiconductors, according to a White House readout that followed a meeting between US President Joe Biden and Modi in Delaware on Saturday. The setting up of the facility would be enabled by support from the India Semiconductor Mission and a “strategic technology partnership between Bharat Semi, 3rdiTech Inc and the US Space