The cyber raid at Tesco Bank has been described by the chief executive of the Financial Conduct Authority as an “unprecedented” incident in the UK.
Andrew Bailey was facing questions from the Treasury select committee after Tesco Bank admitted that 20,000 customers had money stolen from their accounts.
“There are elements of this that look unprecedented and it is serious, clearly,” said Bailey.
Tesco stopped all online transactions for 140,000 current account customers on Monday after it discovered 40,000 customers had been targeted by the online attack. Half of the customers had money taken from their accounts, which are operated through an app or online. Customers __have reported that sums __have been transferred to Spain and Brazil.
Benny Higgins, chief executive of Tesco Bank, said that the decision to suspend some banking activities was an attempt to protect customers from “online criminal activity”.
The National Crime Agency (NCA) is one of a number of organisations scrutinising what has taken place at the supermarket chain’s banking arm, which has more than 7 million customers. Andrew Tyrie, the Conservative MP who chairs the select committee, floated the idea that GCHQ, the government’s communications headquarters, is now involved in the investigation.
Bailey told the MPs that the FCA was in close contact with Tesco and that the bank had reassured the regulator that customers whose money had been stolen would be reimbursed by the end of Tuesday.
He said it was too early to know the exact cause but said it looked to be related to debit cards and that computer security experts were looking for weaknesses and “points of entry” into banks.
He said was confident that Tesco knew which customers were affected by the attack which began to unfold on Saturday night when the bank began texting customers about unusual activity from their accounts.
Higgins, who has apologised to customers, has described the raid as “a systematic, sophisticated attack”.
