Hack of Tesco Bank hits thousands of customers

Monday, November 14, 2016 - 09:41 by David Aiken

Although Tesco is best known as a major player in the world of supermarkets, its success has allowed it to branch out and apply its brand to other types of services, including banking. But this month its financial platform suffered a major setback after a successful hack saw 9,000 customers collectively lose £2.5 million, according to the Register.

When the attack was originally reported, it was suggested that as many as 20,000 accounts had been compromised but, as the dust settled, it became apparent that the scale was not quite as significant.

When the assault was ongoing, access to Tesco Bank’s online and mobile services was restricted, although customers were still able to use payment cards and withdraw cash from ATMs. This has led security experts, including ECSC’s Ian Mann, to suggest that the breach occurred as a result of weaknesses in internal systems.

Mann was critical of the login process involved in accessing the bank’s online services, arguing that with email-based usernames and unencrypted PINs, not enough was being done to protect customer accounts.

Of course at this point in time the investigation into the hack, conducted in partnership with the National Cyber Security Centre, is ongoing and the facts of the matter have yet to emerge, so any statements about how it was executed can be taken as speculation.

Tesco offers shopping online to customers across the UK and has a comparatively solid record for security in this arena. But of course the Tesco Bank service is a somewhat separate entity and also a higher priority target for cybercriminals looking to make money from any vulnerabilities.

Consumers should still be confident in being able to carry out shopping online with Tesco, although it may need time to rebuild trust in its banking platform.