Tesco Bank boss ‘hopeful’ of customer refund after mass cyber theft
Tesco Bank’s chief executive Benny Higgins has said he is “very hopeful” customers would be refunded within 24 hours after about 40,000 of its accounts saw suspicious transactions over the weekend, of which half had money taken.
The challenger bank, which employs most of its 4,000-strong workforce in Edinburgh and Glasgow and has its HQ in the Scottish capital, has been forced to block some facilities on customers’ cards after “suspicious activity” was detected by its fraud prevention system.
Customers are still be able to use their cards for cash withdrawals, chip and pin payments, and bill payments, and Mr Higgins has confirmed that they can also use online banking, but they cannot make online transactions until the situation is back under control.
The bank had already confirmed some accounts “have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently”.
Mr Higgins also apologised for the “worry and inconvenience” that customers have faced.
The bank was formed in 1997 and has been wholly owned by Tesco PLC since 2008 and now has 7.8 million customer accounts.
Customers took to social media to alert the bank once the attack was underway.
One man tweeted his available balance had dropped by £700 without him making a transaction, while another said the disruption had left her “unable to feed my kids in school tomorrow”.
Others complained about a lack of communication and hours spent on hold.
“We have been hacked, all money gone, no email or text! Appalling response from Tesco so far #nobodyanswering,” one tweeted.
Tesco Bank said on its website it wanted to do “everything we can to protect our customers from fraud” and urged those who feared their accounts had been hacked to contact them immediately.
The statement, issued yesterday morning, said: “Yesterday our fraud prevention systems identified suspicious activity on a number of accounts. As a precautionary measure we have blocked some customer cards and have contacted affected customers via text message to notify them.”