Tesco bank back online, now to learn the lessons

Written by on November 9, 2016 in News with 0 Comments
REUTERS/Phil Noble/File Photo

REUTERS/Phil Noble/File Photo

LONDON (Reuters) – Retailer Tesco Plc’s banking arm said on Tuesday that 2.5 million pounds ($3 million) had been stolen from 9,000 customers over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank.

Tesco Bank said it had resumed full service after the theft, which forced the suspension of online transactions on Monday.

“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” Tesco Bank CEO Benny Higgins said in a statement.

The bank, whose operating income has accounted for as much as a quarter of Tesco’s total in some years, added that no customer data had been compromised.

The National Cyber Security Centre (NCSC), a new government body, said on Tuesday that it was working with criminal investigators and Tesco to understand the nature of an attack described as “unprecedented” by the financial regulator.

The NCSC and Britain’s National Crime Agency said they could not remember another confirmed case where thieves had stolen large sums of money via a mass hacking of accounts at a Western bank.

The bank has provided few details about what happened. It is not clear how online thieves broke into the bank, how they pulled out the funds or how much was stolen. It is also not clear if there are any suspects.

A spokeswoman for Tesco declined to comment beyond its previous statement on Monday.

SMALLER BANKS AT RISK

Cyber experts said that smaller banks, like Tesco’s, are more vulnerable to attack than global financial institutions, which have bigger cyber security budgets.

JPMorgan, for example, has disclosed that it spends about $600 million on cyber security annually.

“Smaller and medium-sized companies may be more vulnerable, many of them have not invested properly in security measures and an incident like this should stimulate them to think again,” said Sergio Romanets, cyber security expert at consultant Greyspark Partners in London.

Cyber and IT security risks have received little coverage in Tesco Bank’s most recent annual report, according to a Reuters analysis, with just one mention – saying “of note is the industry-wide attention on cyber-crime”.

Rival J Sainsbury Plc’s bank unit and Metro Bank Plc, two other smaller “challenger” banks in Britain, each mention cyber and information security at least three times in their most recent annual reports. By contrast, among the country’s biggest banks, Santander UK has at least 49 mentions, Barclays at least 14 and Lloyds 32.

Tesco Bank runs on separate IT systems from the group’s retail unit. The lender was originally set up as a joint venture with Royal Bank of Scotland and Tesco Plc in 1997 before becoming wholly owned by the retailer in 2008.

U.S. financial technology provider Fiserv provides its online retail banking platform and its financial crime prevention system, according to Fiserv’s website.

“There is no indication that our software or services were involved in the incident that Tesco Bank experienced over the weekend. Nonetheless, we are offering our support in whatever manner will be helpful to Tesco Bank,” a spokeswoman for Fiserv said in an emailed statement to Reuters.

Tesco Bank has spent 500 million pounds ($618.75 million)building up its technology platform over the past seven years since the split with RBS, accounts show.

Britain’s financial regulator sought to reassure the public on Tuesday that financial authorities were working to understand the nature of the attack.

On Monday, lawmaker Andrew Tyrie, chair of Parliament’s powerful finance committee, said both banks and regulators had done too little to improve cyber security.

Reported attacks on financial institutions in Britain have risen from just five in 2014 to more than 75 so far this year, according to Financial Conduct Authority data, but bank executives and providers of security systems say many attacks go unreported.

(By Lawrence White and Tom Bergin; Additional reporting by Andrew MacAskill, Jim Finkle and Eric Auchard; Editing by Mark Potter, Pravin Char and Dan Grebler)

Tags: ,

About the Author

About the Author: Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on Reuters.com, video, mobile, and interactive television platforms. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top