Retailer Tesco PLC’s banking arm on Tuesday said that £2.5 million (US$3 million) had been stolen from 9,000 customers over the weekend in what cyberexperts said was the first mass hacking of accounts at a Western bank.
Tesco Bank said it had resumed full service after the theft, which forced the suspension of online transactions on Monday.
“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” Tesco Bank CEO Benny Higgins said in a statement.
The bank, whose operating income has accounted for as much as a quarter of Tesco’s total in some years, added that no customer data had been compromised.
The National Cyber Security Centre (NCSC), a new government body, on Tuesday said that it was working with criminal investigators and Tesco to understand the nature of an attack described as “unprecedented” by the financial regulator.
The NCSC and National Crime Agency said they could not remember another confirmed case where thieves had stolen large sums of money via a mass hacking of accounts at a Western bank.
The bank has provided few details about what happened. It is not clear how online thieves broke into the bank, how they pulled out the funds or how much was stolen. It is also not clear if there are any suspects.
A spokeswoman for Tesco declined to comment beyond its previous statement on Monday.
Cyberexperts said that smaller banks, like Tesco’s, are more vulnerable to attack than global financial institutions, which have bigger cybersecurity budgets.
JPMorgan, for example, has disclosed that it spends about US$600 million on cybersecurity annually.
“Smaller and medium-sized companies may be more vulnerable; many of them have not invested properly in security measures and an incident like this should stimulate them to think again,” said Sergio Romanets, a cybersecurity expert at consultant Greyspark Partners in London.
Cyber and information technology (IT) security risks have received little coverage in Tesco Bank’s most recent annual report, according to a Reuters analysis, with just one mention — saying “of note is the industry-wide attention on cyber-crime”.
Rival J. Sainsbury PLC’s bank unit and Metro Bank PLC, two other smaller “challenger” banks in Britain, each mention cyber and information security at least three times in their most recent annual reports. By contrast, among the nation’s biggest banks, Santander UK has at least 49 mentions, Barclays at least 14 and Lloyds 32.
Tesco Bank runs on separate IT systems from the group’s retail unit. The lender was originally set up as a joint venture with Royal Bank of Scotland (RBS) and Tesco PLC in 1997, before becoming wholly owned by the retailer in 2008.
US financial technology provider Fiserv provides its online retail banking platform and its financial crime prevention system, according to Fiserv’s Web site.
“There is no indication that our software or services were involved in the incident that Tesco Bank experienced over the weekend. Nonetheless, we are offering our support in whatever manner will be helpful to Tesco Bank,” a spokeswoman for Fiserv said in an e-mailed statement.
Tesco Bank has spent £500 million building up its technology platform over the past seven years since the split with RBS, accounts showed.
Britain’s financial regulator sought to reassure the public that financial authorities were working to understand the nature of the attack.
On Monday, British lawmaker Andrew Tyrie, chair of parliament’s powerful finance committee, said both banks and regulators had done too little to improve cybersecurity.
Reported attacks on financial institutions in Britain have risen from just five in 2014 to more than 75 so far this year, according to Financial Conduct Authority data, but bank executives and providers of security systems say many attacks go unreported.
NEW MARKET: The partnership opens up India to the Dutch company, which already has a strong hold in the semiconductor market of South Korea, Taiwan and China ASML Holding NV entered into a partnership agreement with Tata Electronics Pvt Ltd aimed at ramping up India’s goal to develop domestic chip-manufacturing capabilities. The Dutch company’s technology would help power Tata Electronics’ planned 300 millimeter (mm) semiconductor foundry in Gujarat, according to a joint statement from the two companies on Saturday. The signing of a memorandum of understanding coincides with a visit by Indian Prime Minister Narendra Modi to the Netherlands, which is looking to deepen bilateral relations with New Delhi. ASML, whose top customers include Taiwan Semiconductor Manufacturing Co (台積電) and Samsung Electronics Co, makes lithography machines that can print
ROUGH RECORDS: Bonds in Japan, as well is in New Zealand, Australia and the US, are seeing the effects of a nervy market as stock exchanges across Asia edge down A deepening slump in Japanese government bonds added fuel to the selloff in global debt markets as rising oil prices stoked inflation fears and pushed yields to multi-decade highs. Japan’s 30-year yield yesterday surged as much as 20 basis points to the highest level since the tenor’s debut in 1999, before paring some of the move. Shorter-maturity Japanese debt was also under pressure, underscored by weak demand at a sale of five-year notes that offered a record-high coupon of 2 percent. Concerns over inflation and government spending rippling through markets including the US, Australia and New Zealand are being amplified in Japan,
The US has cleared about 10 Chinese firms to buy Nvidia Corp’s second-most powerful artificial intelligence (AI) chip, the H200, but not a single delivery has been made so far, three people familiar with the matter said, leaving a major technology deal in limbo as chief executive officer Jensen Huang (黃仁勳) seeks a breakthrough in China this week. Huang, who was not initially listed in a White House delegation to Beijing, joined the trip after an invitation from US President Donald Trump, a source said. Trump picked him up in Alaska en route to a summit with Chinese President Xi Jinping
Wall Street is licking its chops over an unprecedented slate of massive initial public offerings (IPOs) set to arrive in the coming months, beginning with Elon Musk’s Space Exploration Technologies Corp (SpaceX) next month. That is expected to be followed by artificial intelligence (AI) rivals OpenAI and Anthropic PBC. The trio of mega listings, each eyeing valuations around US$1 trillion or more, constitutes a heady period of elevated risk and reward. SpaceX is targeting an IPO that would raise up to US$80 billion — about double the funds generated from all IPOs last year. OpenAI and Anthropic are eyeing IPOs raising US$60 billion. “We’re
RSS