The hacking of Tesco Bank customer accounts is the “most serious” ever to hit the UK banking sector, security experts have said.
Around 20,000 users of Tesco Bank have had money stolen from their accounts, with online transactions now frozen after “suspicious” activity was spotted over the weekend.
Online security experts said the attack should spark both consumers and the banks themselves into becoming better prepared to deal with cyber threats.
Peter Roe, from IT analyst firm TechMarketView, said: “This looks like the most serious, and certainly the most visible, of the various difficulties suffered by the UK banking sector in recent times. The number of accounts affected suggests that this is a systemic failure of security around Tesco’s core database.
“As many banks breathe a sigh of relief that it is not their names in today’s headlines, they must surely recognise the scale of the problem. The sector needs to re-double its efforts in cyber-security. No-one is safe.”
Mark James, security specialist at cyber security firm ESET, said the move towards more digital transactions made similar attacks inevitable.
“Banks are a very desirable target; scamming individuals has relatively small rewards but if you can target the bank at source the rewards could be massive,” he said.
“This is not the first time we have seen direct hacking attempts for major banks in the UK and, with more and more people embracing online or mobile banking, we will see these types of hacking attacks becoming more successful.
“As cash seems to be used less and less, our lives are becoming more digital; even small payments these days are often covered by cards or mobile payments. If you increase the footprint, you increase the risk.”
The cause of the attack is yet to be confirmed, but Mr James said that, while there were several possible scenarios, Tesco must ensure customers are kept up to date.
“It could be any number of reasons and as often in these cases we won’t know until Tesco’s allocated authorities have found more information,” he said.
“It could be mass harvesting of credentials, cards, ATMs, infiltration of the bank’s systems, but Tesco will need to keep the public informed if they want to come out of this on top.
“Whilst no system is 100% safe, keeping the victims well-informed of your current operations, cause and future defences are what’s needed.”