The UK’s Tesco Bank was forced to halt all online transactions on Sunday, after thousands of customers saw money disappear from their accounts over the weekend. In a statement, the bank said it put the emergency measure in place after it became apparent that some of its 136,000 current accounts had been “subject to online criminal activity.” Speaking to ITV News, Tesco Bank CEO Benny Higgins said around 40,000 of these accounts had evidence of “suspicious transactions,” while 20,000 customers had money actually disappear from their accounts.
Higgins, said his company knew “exactly” how the accounts were accessed — calling them the result of a “systematic, sophisticated attack” — but wouldn’t specify how the attack worked, saying that it could compromise the criminal investigation into the breaches. While Tesco Bank certainly isn’t the first financial institution to be targeted by hackers, the scale of the attack makes it remarkable, as draining tens of thousands of accounts at once presumably requires a carefully coordinated strike.
Customers will still be able to use their debit cards for purchases in stores and cash withdrawals at ATMs while online purchases are disabled, and Tesco Bank says it will be refunding customers who lost money by Tuesday afternoon UK time, but angry account holders have taken to Twitter to complain about a delayed response to their concerns. In the meantime, Higgins says that Tesco Bank is “working hard to resume normal service on current accounts as soon as possible.”