Nearly 20,000 Tesco Bank customers have had money stolen from their accounts as a result of a weekend hack attack, the group’s chief executive has admitted.
The bank confirmed that of its 136,000 current account holders, 40,000 had seen suspicious transactions over the weekend, while money had been fraudulently withdrawn from around 20,000 accounts.
A spokesman would not disclose the total amount that has been stolen from the accounts, adding that the incident is currently being treated as a “criminal investigation”.
“Tesco Bank can confirm that, over the weekend, some of its customer current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently,” chief executive Benny Higgins said in a statement.
The bank has temporarily frozen online transactions as part of emergency security measures, and was earlier forced to block some customers’ cards after “suspicious activity” was detected in its fraud prevention system.
Mr Higgins issued an apology to customers and said the bank would refund accounts as soon as possible.
“We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts.
“We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible,” he said.
The news sent Tesco shares lower by 1.2% in early trading.
A spokesman would not provide any details about how Tesco Bank would finance refunds, saying the focus is on “doing the absolute right thing” for account holders.
Mr Higgins said customers affected by the block will still be able to withdraw cash and use other services like chip and pin payments, while bill payments and direct debits “will continue as normal”.
Customers have since taken to social media to vent their frustrations.
One man tweeted that his available balance had dropped by £700 without him making a transaction, while another said the disruption had left her “unable to feed my kids in school tomorrow”.
Others complained about a lack of communication from the bank and hours spent on hold.
“We have been hacked, all money gone, no email or text! Appalling response from Tesco so far #nobodyanswering,” one tweeted.
The bank said it is working with authorities and regulators to address the circumstances surrounding the security breach.
“We are now in dialogue with the National Crime Agency. We are working closely with them. We are also in close contact with the Financial Conduct Authority,” Mr Higgins told the BBC Radio 4 Today programme
He added: “We invest very heavily in ensuring we have preventative measures in respect of this kind of fraudulent activity but in the modern world it’s impossible to be totally impregnable”.
A National Crime Agency spokesman confirmed that the organisation is now leading and co-ordinating law enforcement to deal with the Tesco Bank case, but stressed there is “no set formula” for dealing with cyber attacks, which tend to “vary in terms of sophistication”.
“It will be investigated and hopefully that will lead to action and arrests,” the NCA spokesman said.