Tesco Bank suspends all current accounts after cyber theft

Of these 40,000 customers, 20,000 have had money taken from them without authorisation, stoking fears that Tesco Bank have been victims of a cyberattack.

While Tesco Bank still haven't use the words "hack" or "cyberattack" to describe the loss of money, CEO Benny Higgins essentially admitted a hack had occurred when, in a statement on their website, he said:

"Tesco Bank can confirm that ... some of its customers' current accounts have been subject to online criminal activity".

Credit: chrisdorney/Shutterstock.com

It seems that Tesco have yet to isolate the exact source of this activity, since as a safety measure they've blocked all 136,000 of their current accounts from executing any online transaction.

However, even though this bars their current account holders from buying anything online, their customers can still "use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits".

And while it may take at least 24 hours for the 20,000 defrauded customers to be fully refunded for their losses, there are numerous things they can do while they wait to lessen the impact of any shortfall.

Refunds

To begin with, any Tesco Bank current account holder should immediately check their balance online or by phone. The bank have said they sent text messages to all 40,000 customers affected by the suspicious activity, yet it's still worth checking just in case any message slipped notice or was sent to an out-of-date number.

And if your balance does show something suspicious, then it's important to phone Tesco Bank's customer service number for current accounts, which is 0345 835 3533. If your can't get through, then it's important to keep trying, yet you can also use Twitter, on which the bank have been reported to be more responsive.

Not only would this help Tesco Bank to form a fuller picture of the incident, but it's possible to ask Tesco for compensation or help in the event that any fraudulent withdrawal has left you with too little money in your account.

Reports have indicated they've been offering affected customers only £25 as a "goodwill gesture", yet even if this will hardly be sufficient in many cases, it's always worth claiming this gesture or haggling for more if you're short for cash in the near-term.

Otherwise, you'll have to wait until the situation is resolved and Tesco Bank refund all customers in full. This process of refunding was begun yesterday afternoon, and the bank have stated that they expect it to be finished by the end of today.

Once again, if you haven't been refunded by the end of today, then it would be a good idea to continue phoning and contacting Tesco Bank until your account is returned to how it was before the weekend.

Overdrafts and credit rating

In continuity with their pledge to offer affected customers a full refund, Tesco Bank have also offered reassurances that they'll cover any additional expenses beyond a theft.

This means that, if a fraudulent withdrawal has resulted in you going into overdraft or being penalised for the late payment of a bill, then Tesco Bank will refund the relevant charges.

However, such refunding won't be part of the systematic returning of losses, so it may be necessary to contact Tesco Bank and outline any charges you've faced as a result of the hack.

And while Tesco Bank won't be reporting missed payments arising from the breach to credit agencies, the same cannot be said with any certainty for third parties.

As such, customers worried about their credit rating are strongly advised to contact any other company who may have received a late payment, so that they can explain their situation and ask for any late payments not to be communicated to credit reporting firms.

And if they're concerned their credit rating has been negatively affected because of the fraud, they can always check with one of the many companies - Experian, - who offer a credit report.

In the event that such a report shows a decreased score, customers can always phone the companies relevant to any late payment and ask for it to be erased.

In most cases, the company concerned should be sympathetic enough to remove it, yet if they don't there's always the option of formally complaining to the Financial Ombudsman Service.

Such a complaint would be the last resort and, in light of Tesco Bank's desire to quickly make amends, won't probably be necessary in this instance. Still, the option is there if people need it.

Identity theft?

Another outlying possibility - although one that could be ruled out as soon as Tesco Bank reveal more details - is that the criminals responsible for the breach have, in addition to their money, also made off with the personal details of the 20,000 affected customers.

Even though the breach appears to be a centralised attack on Tesco Bank's own system rather than a case of stealing personal details in order to make fraudulent payments, there's an outside chance that personal data might have been taken in the process.

If Tesco Bank confirm this, then there are several things that can be done by any customer who becomes suspicious that their details are being used elsewhere.

As outlined by Citizens Advice, they can once again check their credit file to see if anyone has applied for credit in their name.

They can also contact CIFAS - the UK's fraud prevention service - and ask that anyone trying to apply for credit in their name is automatically subjected to a double-check.

And if they become certain that someone has stolen and used their personal details, then they should immediately report the theft to the police.

Naming the problem

Such a scenario, however, seems unlikely, although Tesco Bank aren't especially helping matters by remaining tight-lipped about the specific nature of the cyberattack, or whatever kind of breach it may be.

They are, at least, already refunding customers in full, and offering to cover any extra charges customers face as a result of the incident.

Yet even though this will help people quickly recover their finances, Tesco clearly need to do more to understand the situation and tighten their cybersecurity, otherwise it may end up happening again.