The UK's Tesco Bank has confirmed that tens of thousands of its customers' current accounts were compromised over the weekend, leading to fraudulent withdrawals to the tune of several hundreds of pounds, in some instances. Suspicious activity was seen across some 40,000 accounts, with money taken from around 20,000 of those, the bank's chief exec told the BBC. In reaction, Tesco Bank has temporarily frozen all online payment facilities for current accounts, and guaranteed affected customers will receive full refunds as soon as possible.
Tesco Bank has said in its latest update that cards can still be used to withdraw cash, as well as make chip and pin transactions. All scheduled direct debits and bill payments are unaffected, too, though customers should've been contacted and told all this already. In the immediate aftermath, overwhelmed support phone lines, cancelled cards and the online payments freeze will be a serious inconvenience, not to mention the missing money. But how did this happen in the first place?
As yet, we have no real details on the nature of the breach, but of all online services, you expect banking to be unfalteringly secure. Local telco TalkTalk lost 100,000 customers after last year's hack exposed personal details -- as well as being fined £400,000 (around $500,000) just last month. Rebuilding trust after losing customers' money will be a much taller order, even if only 40,000 of more than 7 million current accounts were compromised. It could, of course, have been a very sophisticated attack -- or lax security, or facilitated by someone on the inside.
For now, Tesco Bank will be scrambling to fix the situation, and is working "with the authorities and regulators to address the fraud." But hopefully it won't be too long before we understand more about the breach's origins.