Dive Brief:
- United Kingdom-based Tesco Bank confirmed Monday that customer accounts were broken into over the weekend, resulting in fraudulent withdrawals from an estimated 20,000 accounts.
- The bank did not disclose how much money was stolen or explain how the thefts took place. Tesco manages 136,000 current accounts.
- Over the weekend, the bank halted online transactions to protect customers until it could ensure the issue was resolved.
Dive Insight:
The thefts come at a time of heightened cybersecurity concerns at financial institutions worldwide, proving that despite reassurances, cybersecurity in the financial sector appears to be on shaky ground.
An August review and ranking of the security postures of thousands of global financial services companies by SecurityScorecard found 95% of the top 20 U.S. commercial banks by revenue have a network security grade of C or below.
Tesco’s chief executive, Benny Higgins, said Tesco, a small bank with only about 2% of the UK’s total accounts, is currently refunding accounts and working to resume normal service as soon as possible. "We apologize for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts," Higgins said in a statement.
The break-in was the first major cyber heist in the UK.
Banks worldwide have been under pressure to improve their security efforts since cybercriminals stole $81 million from Bangladesh Bank in February using fraudulent SWIFT wire transfers.