Tesco Bank Hacked - Thousands Of Accounts Compromised

[realnikb]

Haven't seen a post on here about this yet.

Tesco Bank have announced that over 20,000 customers have had money wiped/stolen from their accounts and another 20,000 plus have been flagged for "suspicious activity".

Whilst 20,000 customers may not initially sound like a large figure when their total user base is over 7 million, this is easily one of (if not the) biggest online cyber attack to happen to a British bank to date.

That said, whilst there's over 7 million users/accounts with Tesco, the actual number of current accounts with them comes in at around 136,000. Meaning that around 29% of all current accounts were compromised.

Source: http://www.independent.co.uk/news/bu...-a7402006.html

[virtuo]

Tesco Bank, I think that's all that needs to be said. Hopefully those 20,000 unfortunate customers get all their money back, plus compo, and put it in to a proper bank.

[Gerrard]

It is like a horror movie; The Tesco Chain-Store Mass Hacker.

[Macman]

It is like a horror movie; The Tesco Chain-Store Mass Hacker.

You didn't just do that...

[peterb]

Tesco Bank, I think that's all that needs to be said. Hopefully those 20,000 unfortunate customers get all their money back, plus compo, and put it in to a proper bank.

Not sure what you mean by 'a proper bank'. It started as a joint venture with RBS, but they bought out the RBS share about 8 years ago. They have a banking licence issued by the FSA and so are a 'proper bank' (as is Sainsburys Bank)

https://en.m.wikipedia.org/wiki/Tesco_Bank

[shaithis]

I'm sure those effected will get some complimentary club card points!

[peterb]

I'm sure those effected will get some complimentary club card points!

I hope that those that effected the hack will be punished if caught and provide compensation to those affected by the hack (with or with Clubcard points!)

[virtuo]

Not sure what you mean by 'a proper bank'. It started as a joint venture with RBS, but they bought out the RBS share about 8 years ago. They have a banking licence issued by the FSA and so are a 'proper bank' (as is Sainsburys Bank)

https://en.m.wikipedia.org/wiki/Tesco_Bank

Okay they are a bank, as is Sainsburys. What I meant to imply when I used the word "proper" was a bank whose main business is, and always has been, looking after my money. A bank that understands security and properly audits and monitors their customer facing systems. (That last sentence might be a bit of a presumption, but if something on this large of a scale can go unnoticed for so long, then something was being done badly).

Seeing a supermarket brand slapped across something serious like loans, insurance and banking just makes me think of a cheap feet-first cash-in.

And, seeing the fairly poor way Tesco handles their main business (i.e. Groceries), I would always value any of their secondary services below the likes of, say, Santander or HSBC. And after this embarassment, I'd value them below any of their equivalents (e.g. Sainsburys).

[Corky34]

They have a banking licence issued by the FSA and so are a 'proper bank' (as is Sainsburys Bank)

That's what i found most disturbing, to provide banking service they would have had to meet certain standards, standards that seem to have not protected their customers.
If it can happen to Sainsbury's logically it could happen to any bank.

[jim]

Okay they are a bank, as is Sainsburys. What I meant to imply when I used the word "proper" was a bank whose main business is, and always has been, looking after my money. A bank that understands security and properly audits and monitors their customer facing systems. (That last sentence might be a bit of a presumption, but if something on this large of a scale can go unnoticed for so long, then something was being done badly).

Yes, that's a big presumption - and probably wrong.

Ultimately, the FCA and PRA will be going into licensed banks (i.e. all of them) to verify that their security and auditing is fit for purpose - and I would be very surprised if any of them pass everything with flying colours. What that means is that where there are gaps, the regulator will know about it, and most likely if a bank is working to improve its security, it's not because the bank has decided to do it, but because the regulator has told them to do it.

The one thing that you could argue is that a global bank is likely to have stronger controls, because they're not just dealing with the PRA and FCA, but also the OCC, FFIEC, US Feds, HKMA, MAS... the list goes on. And so they have a much longer list of requirements that they are expected to adhere to. Still though, that doesn't mean they're compliant.

[TooNice]

That's what i found most disturbing, to provide banking service they would have had to meet certain standards, standards that seem to have not protected their customers.
If it can happen to Sainsbury's logically it could happen to any bank.

That's going by the, perhaps not so far fetched assumption, that no bank will try to exceed the standard though wouldn't it?

[realnikb]

Tesco have come out and said that everyone who would have been affected would have their money back today... so... yeah fingers crossed for them.

[badass]

That's going by the, perhaps not so far fetched assumption, that no bank will try to exceed the standard though wouldn't it?

Indeed. I've worked in IT in the finance industry and now work Cyber Security. I've worked with many people that have worked collectively probably for most banks that operate in the UK.

Whilst Cyber Security in banks is much better than most other industries, it is shockingly bad.