Tesco Bank has released more details regarding the cyber attack that took control of its online accounts and led the bank to freeze all of its users online transactions.
Over the weekend the bank was hit by an attack that it initially thought affected 20,000 customers. However, Tesco Bank has now revealed that only 9,000 accounts were compromised by the security breach. Though the amount of customers affected is lower than first reported, some of those whose accounts were accessed during the attack lost as much as £2,000.
On Tuesday, Tesco Bank announced that it had refunded £2.5 million to all of those affected by the breach and guaranteed that no personal data was obtained during the attack.
Benny Higgins, the bank's CEO, explained how it was dealing with the situation, saying: “We've now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal. We'd also like to reassure our customers that none of their personal data has been compromised. We'd again like to apologise for the worry and inconvenience this issue has caused.”
The UK's National Crime Agency has begun a criminal investigation into the breach and has released a statement in which it said: “Given the investigation thus far and the evidence at hand, the NCSC is unaware of any wider threat to the UK banking sector connected with the incident.”
The Information Commissioner's Office (ICO) noted that it may also investigate the breach if need be, saying: “The law requires organisations to have appropriate measures in place to keep people's personal data secure. Where there's a suggestion that hasn't happened, the ICO can investigate and enforce if necessary.”
The cyberattack and subsequent security breach at Tesco Bank still remains one of the largest to ever occur, despite the fact that the initial number of customers affected turned out to be much lower than first reported.
Image Credit: Darren Grove / Shutterstock