Tesco Bank cyber raid 'unprecedented', says financial regulator

FCA chief tells MPs that ‘serious’ theft from 20,000 accounts may be linked via debit card flaw as customers report money transferred to Brazil and Spain

The cyber heist at Tesco Bank has been described by the chief executive of the City regulator as an “unprecedented” incident in the UK.

Andrew Bailey, chief executive of the Financial Conduct Authority, told MPs on the Treasury select committee that “there are elements of this that look unprecedented and it is serious, clearly”.

Tesco Bank stopped all online transactions for 140,000 current account customers on Monday after it discovered 40,000 customers had been targeted by the online attack. Half of the customers had money taken from their accounts, which are operated through an app or online. Customers have reported that sums have been transferred to Spain and Brazil.

The National Crime Agency (NCA) is one of a number of organisations scrutinising what has taken place at the supermarket chain’s banking arm, which has more than 7 million customers.

A new division of the surveillance agency GCHQ – the National Cyber Security Centre – confirmed it was working with the NCA which has launched a criminal inquiry. The NCSC, created only last month as the UK’s authority on cybersecurity, said it was “providing direct assistance to the company at their request, including on-site assistance”.

“In the case of cyber-related incidents, it can, on certain occasions, take a significant period of time to understand the incident given the technical complexities involved. So the story will emerge over time. During this period it is vital that nothing is said publicly that could interfere with the criminal investigation,” the NCSC said.

“Given the investigation thus far and the evidence at hand, the National Cyber Security Centre is unaware of any wider threat to the UK banking sector connected with this incident.”

Bailey told the MPs that the FCA was in close contact with Tesco and that the bank had reassured the regulator that customers whose money had been stolen would be reimbursed by the end of Tuesday.

He said it was too early to know the exact cause but said it appeared to be related to debit cards and that computer hackers were looking for weaknesses and “points of entry” into banks.

“It looks like it’s [in] on-line banking, clearly appears to be on debit card side of online banking as far as we can tell. But it requires further urgent analysis,” said Bailey.

He said he was confident that Tesco knew which customers were affected by the incident which began to unfold on Saturday night when the bank began texting customers about unusual activity from their accounts.

But Tesco provided no update on the status of its customers on Tuesday after suspending online banking transactions for current accounts in the wake of the incident.

Bailey indicated that Tesco would not be able to turn those facilities back on until it was confident it knew the service was safe for customers.

A number of theories have circulated about the cause of the problem, including that it was caused by an internal security breach. Conservative MP Chris Philp, a member of the Treasury select committee, has raised the idea it could have been the work of a foreign power. “I think we can’t rule out the possibility, at all, that this is state-sponsored,” he told the BBC earlier this week.

As the crisis was unfolding, Benny Higgins, chief executive of Tesco Bank, had said the decision to suspend some banking activities was an attempt to protect customers from “online criminal activity”.

Higgins, who has apologised to customers, has described the raid as “a systematic, sophisticated attack”.

The NCSC said its role was to provide support to the investigation, work with the company concerned to manage the incident, investigate the root causes and use any lessons learned to provide future guidance and policy on cyber security.

The Information Commissioner’s Office is also scrutinising the situation. It fined telecom company TalkTalk a record £400,000 in October for failing to stop the personal data of 157,000 customers being hacked.

Andrew Tyrie, the Conservative MP who chairs the Treasury select committee, said after the hearing that “the attack on Tesco’s retail accounts is deeply troubling. Banks have a long way to go to improve the resilience and security of their IT systems”.

Another member of the committee, Steve Baker, said: “the vulnerability of Tesco Bank highlights the crucial importance of technical security to the financial system.”


Jill Treanor

The GuardianTramp
