The banking arm of UK’s biggest retailer, Tesco, has halted all online transactions after thousands of customers had money drained from their accounts over the weekend. The attack reportedly targeted as many as 40,000 of Tesco’s current accounts, and about 20,000 of them have been confirmed to have had funds stolen.
Reports of unauthorized transactions have been pouring in on social networks. Tesco hasn’t offered any details as to what happened or how much money was taken from customers, but said it was working with the National Crime Agency to investigate and find the perpetrators. The bank’s chief executive Benny Higgins told the BBC he was "very hopeful" customers would be refunded within 24 hours. "Any financial loss that results from this fraudulent activity will be borne by the bank," he said. "Customers are not at financial risk."
Although all online activity is blocked, customers are still able to use their cards for cash withdrawals, chip and pin payments, and bill payments.
Security experts say the incident is unprecedented in its scale and the shutdown hints at how serious it was. Tesco has yet to use the word "hacking" to describe the breach. The fact that it involves tens of thousands falling victim in a 24 hour period suggest it’s part of an automated process, rather than customers falling victims of a phishing scam.