Cyber Criminals Steal Money from Nearly 20,000 Customers of UK’s Tesco Bank

Tesco Bank, the lending arm of the U.K.’s biggest grocer, said it suspended online transactions after about 20,000 customers had money fraudulently taken from their accounts.

About 40,000 of the bank’s 136,000 checking account holders experienced suspicious transactions over the weekend, Tesco Bank Chief Executive Officer Benny Higgins told BBC Radio 4’s Today program. About half of those had money taken from their account, he said. The problem has only affected checking accounts, a representative for the bank said.

Some of the world’s biggest financial institutions, including JPMorgan Chase & Co., HSBC Holdings Plc and the Federal Reserve Bank of New York, have all been cyber-jacked in some way in the past couple of years. In the second quarter of this year, there was a 50 percent jump in activity by cyber criminals injecting malware programs into financial companies worldwide from the same period in 2015, according to Kaspersky Lab, a global cyber security company.

“Banking fraud is unfortunately very prevalent, and has been for a while,” said Tom Kirchmaier, researcher at the financial markets group at the London School of Economics. “The industry is not very forthcoming with sharing data with the police, and so we only hear about the worst cases, and Tesco’s can be considered one such instance.”

Tesco customers complained on the bank’s website of seeing amounts varying from 20 pounds ($24.80) to 600 pounds missing from their accounts. Tesco Bank has more than 7 million customer accounts in total across a range of products like insurance and mortgages.

The U.K. Financial Conduct Authority is aware of the matter and working with the bank on it, a spokeswoman said.

Tesco Bank only started offering current accounts, the British term for checking accounts, in 2014. The declining fortunes of Tesco’s domestic supermarket business means the bank represented about 17 percent of group operating profit in the last financial year.

Customers can still use their account to withdraw money from cash machines or to pay for goods at a retailer, Higgins said. Any financial loss will be borne by the bank and customers are not at financial risk, he said.

The crime was committed at a time “when banks are typically understaffed and will respond more slowly,” Cliff Moyce, global head of financial services at consultant DataArt, said by e-mail. “Automated fraud detection systems appear to have worked well, but a lack of people at desks will not have helped.”

Tesco shares fell as much as 3.3 percent in early London trading. They were down 1.3 percent at 200 pence as of 9:53 a.m.

Related:

• U.S. Seeks Tougher Cybersecurity Standards for Banks
• UK Banks Reluctant to Report Extent of Relentless Cyber Attacks
• SWIFT Expects Cyber Attacks on Banks to Increase
• New York Proposes ‘Flexible’ Cybersecurity Regulation for Insurers, Banks
• EU Members Should Run Stress Tests for Banks’ Cyber Risks: EU Banking Chief
• Cyber Attacks on Financial Firms Up; Ransomware Attacks Way Up: Beazley
• UK Banks Ordered to Update Cyber Security After $81M Bangladesh Bank Heist
• Urgent Action Needed to Tackle Systemic Threat of Cyber Risk: Marsh & TheCityUK
• Bank of England Faces ‘Advanced, Persistent & Evolving’ Cyber Threats
• Malware Used to Steal $80M-Plus in Bangladesh Cyber Bank Heist: Officials
• Cyber Attacks On Banks More Serious Than Public Realizes