Tesco has enlisted the help of spy agency GCHQ to assist its investigation of what is the most serious cyber attack ever launched against a British bank. The supermarket giant contacted the National Cyber Security Centre (NCSC), a new part of GCHQ that tackles crime online and opened last month, after it learned of the theft at Tesco Bank at the weekend. The NCSC reports into GCHQ, the UK’s digital espionage agency, and has been providing “on-site assistance” to Tesco. It is working alongside the National Crime Agency to investigate the attack. Tesco Bank initially said on Monday that it had detected “online criminal activity” in 40,000 current accounts and that money was taken from half of them. Late on Tuesday, it clarified that 9,000 accounts had hit by “fraudulent transactions” and that it had reimbursed an estimated £2.5m to affected customers as a result.
The lender had been forced to suspend online transactions as it investigated the attack, which involved sums running into thousands of pounds being stolen from customers, but said last night that that normal service had now been resumed. Chris Philp, an MP on the Commons Treasury Select Committee (TSC), has suggested the theft could have been “state-sponsored”. The NCSC said it was “unaware of any wider threat to the UK banking sector connected with this incident”.
Andrew Bailey, the chief executive of City watchdog the Financial Conduct Authority, told the TSC today that the attack against the lender “looks unprecedented in the UK”. He said that “it’s too early to give you a comprehensive account of what the root causes are” but added that the hack “clearly appears to be in the debit card side of online banking as far as I can tell”.
The bank has a total of 136,000 current accounts and offers services, including insurance and mortgages, to almost eight million customers.