Tesco Bank UK Breached, Freezing All Online Transactions

We rely on online banking to transfer money to family, friends, and business associates. How would you feel if your bank account was hacked?

In an unbelievable turn of events, the UK’s Tesco Bank was hit with the biggest cyber attack in British banking. On Sunday 6th of November 2016, British newspapers reported that 40,000 Tesco Bank accounts had been raided. Some customers also had their credit card details stolen and used as far away as America and Brazil.

In more bad news for its customers, Tesco Bank took the extraordinary measure of freezing all of their members’ bank accounts.

It seems that on that fateful day, Tesco Bank was forced to block a few thousand credit cards due to “suspicious activity”. The bank claimed that blocking the accounts was merely a “precautionary measure” and that less than 10,000 members were affected. Outraged customers quickly complained on social media about being victims.

The next day, the bank froze all online transactions.

How Tesco Bank Accounts Were Robbed

While Tesco Bank has admitted that money has been stolen from the bank, it has resisted calling this incident a cyber attack or a hack against the bank. Tesco Bank has not clarified how bank accounts were infiltrated or how the bank’s own security measures were bypassed, apart from saying it was due to “online criminal activity”.

Cyber security experts believe that the breach was due to an inside job, credential stuffing, as well as the exploitation of a third-party supplier. Some also claim that they notified the bank about security vulnerabilities in its mobile app months ago.

Other viewpoints include:

  • Posts on the dark web described the bank as being a ‘cash cow’ and ‘easy to cash out’. In September, hackers on the dark web boasted that they had tested thousands of login combinations and found one that worked.
  • Contactless smartphone payments were the key to the breach.
  • The method customers use to access their online banking is weak, and a compromise of the database will reveal all logins and passwords to attackers.

Nevertheless, this is a sophisticated attack. No organisation is immune to similar attacks, and each must have a multi-layered approach to security.

Are You a Tesco Bank Customer?

Fortunately, if you are a Tesco Bank customer, you can log into your bank account and check whether any fraudulent transactions have been made. No matter how small the transaction may be, report all malicious activity. Small fraudulent transactions are often used by cyber criminals to siphon funds out of bank accounts before the big hit.

In other good news, current account customers can still perform ATM cash withdrawals and chip and pin payments. Direct debited bills and existing bill payments will continue as normal.

Tesco Bank officials claim that customers will be notified via a telephone call or SMS.

What Further Scams to Look Out For

While official statements will be made on social media and via the phone, cyber criminals may take advantage of this situation to steal even more money.

Phishing Scams

Be extra suspicious of any emails or phone calls claiming to be from Tesco Bank. If they ask for personal information, account details, or passwords, ignore them.

In addition, criminals are using a revolutionary new method called Angler Phishing, in which they pretend to be trusted institutions in order to steal sensitive data and your money.

What Tesco Bank Customers Should Do

As a precautionary measure, change your bank credentials now. Passwords should be long and complex, with a mixture of symbols, numbers, and letters. If your password was also used for accounts on other web services, make sure that you change your passwords for those services as well.