Retailer Tesco PLC’s banking arm on Tuesday said that £2.5 million (US$3 million) had been stolen from 9,000 customers over the weekend in what cyberexperts said was the first mass hacking of accounts at a Western bank.
Tesco Bank said it had resumed full service after the theft, which forced the suspension of online transactions on Monday.
“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” Tesco Bank CEO Benny Higgins said in a statement.
The bank, whose operating income has accounted for as much as a quarter of Tesco’s total in some years, added that no customer data had been compromised.
The National Cyber Security Centre (NCSC), a new government body, on Tuesday said that it was working with criminal investigators and Tesco to understand the nature of an attack described as “unprecedented” by the financial regulator.
The NCSC and National Crime Agency said they could not remember another confirmed case where thieves had stolen large sums of money via a mass hacking of accounts at a Western bank.
The bank has provided few details about what happened. It is not clear how online thieves broke into the bank, how they pulled out the funds or how much was stolen. It is also not clear if there are any suspects.
A spokeswoman for Tesco declined to comment beyond its previous statement on Monday.
Cyberexperts said that smaller banks, like Tesco’s, are more vulnerable to attack than global financial institutions, which have bigger cybersecurity budgets.
JPMorgan, for example, has disclosed that it spends about US$600 million on cybersecurity annually.
“Smaller and medium-sized companies may be more vulnerable; many of them have not invested properly in security measures and an incident like this should stimulate them to think again,” said Sergio Romanets, a cybersecurity expert at consultant Greyspark Partners in London.
Cyber and information technology (IT) security risks have received little coverage in Tesco Bank’s most recent annual report, according to a Reuters analysis, with just one mention — saying “of note is the industry-wide attention on cyber-crime”.
Rival J. Sainsbury PLC’s bank unit and Metro Bank PLC, two other smaller “challenger” banks in Britain, each mention cyber and information security at least three times in their most recent annual reports. By contrast, among the nation’s biggest banks, Santander UK has at least 49 mentions, Barclays at least 14 and Lloyds 32.
Tesco Bank runs on separate IT systems from the group’s retail unit. The lender was originally set up as a joint venture with Royal Bank of Scotland (RBS) and Tesco PLC in 1997, before becoming wholly owned by the retailer in 2008.
US financial technology provider Fiserv provides its online retail banking platform and its financial crime prevention system, according to Fiserv’s Web site.
“There is no indication that our software or services were involved in the incident that Tesco Bank experienced over the weekend. Nonetheless, we are offering our support in whatever manner will be helpful to Tesco Bank,” a spokeswoman for Fiserv said in an e-mailed statement.
Tesco Bank has spent £500 million building up its technology platform over the past seven years since the split with RBS, accounts showed.
Britain’s financial regulator sought to reassure the public that financial authorities were working to understand the nature of the attack.
On Monday, British lawmaker Andrew Tyrie, chair of parliament’s powerful finance committee, said both banks and regulators had done too little to improve cybersecurity.
Reported attacks on financial institutions in Britain have risen from just five in 2014 to more than 75 so far this year, according to Financial Conduct Authority data, but bank executives and providers of security systems say many attacks go unreported.
SETBACK: Apple’s India iPhone push has been disrupted after Foxconn recalled hundreds of Chinese engineers, amid Beijing’s attempts to curb tech transfers Apple Inc assembly partner Hon Hai Precision Industry Co (鴻海精密), also known internationally as Foxconn Technology Group (富士康科技集團), has recalled about 300 Chinese engineers from a factory in India, the latest setback for the iPhone maker’s push to rapidly expand in the country. The extraction of Chinese workers from the factory of Yuzhan Technology (India) Private Ltd, a Hon Hai component unit, in southern Tamil Nadu state, is the second such move in a few months. The company has started flying in Taiwanese engineers to replace staff leaving, people familiar with the matter said, asking not to be named, as the
The prices of gasoline and diesel at domestic fuel stations are to rise NT$0.1 and NT$0.4 per liter this week respectively, after international crude oil prices rose last week, CPC Corp, Taiwan (台灣中油) and Formosa Petrochemical Corp (台塑石化) announced yesterday. Effective today, gasoline prices at CPC and Formosa stations are to rise to NT$27.3, NT$28.8 and NT$30.8 per liter for 92, 95 and 98-octane unleaded gasoline respectively, the companies said in separate statements. The price of premium diesel is to rise to NT$26.2 per liter at CPC stations and NT$26 at Formosa pumps, they said. The announcements came after international crude oil prices
STABLE DEMAND: Delta supplies US clients in the aerospace, defense and machinery segments, and expects second-half sales to be similar to the first half Delta Electronics Inc (台達電) expects its US automation business to remain steady in the second half, with no signs of weakening client demand. With demand from US clients remaining solid, its performance in the second half is expected to be similar to that of the first half, Andy Liu (劉佳容), general manager of the company’s industrial automation business group, said on the sidelines of the Taiwan Automation Intelligence and Robot Show in Taipei on Wednesday. The company earlier reported that revenue from its automation business grew 7 percent year-on-year to NT$27.22 billion (US$889.98 million) in the first half, accounting for 11 percent
A German company is putting used electric vehicle batteries to new use by stacking them into fridge-size units that homes and businesses can use to store their excess solar and wind energy. This week, the company Voltfang — which means “catching volts” — opened its first industrial site in Aachen, Germany, near the Belgian and Dutch borders. With about 100 staff, Voltfang says it is the biggest facility of its kind in Europe in the budding sector of refurbishing lithium-ion batteries. Its CEO David Oudsandji hopes it would help Europe’s biggest economy ween itself off fossil fuels and increasingly rely on climate-friendly renewables. While
RSS