Tesco Bank was hit by an attack that led to 9,000 customers having money stolen in fraudulent transactions.
Home Secretary Amber Rudd has said that cyber attacks on financial firms are undermining confidence in the financial sector as Tesco Bank investigates a hack on its systems.
“The recent example of Tesco Bank is a stark example of what we face,” Rudd said, according to a Reuters report, speaking at a Financial Conduct Authority conference.
“Public confidence in our institutions get shaken by these sort of events.”
Tesco Bank suspended online payments after it detected ‘suspicious activity’. Service had resumed by 10 PM on 8 November.
Around 9,000 customers were affected by the fraudulent transactions, Tesco said. It cost £2.5 million.
All customers affected had been fully reimbursed, Tesco said.
The bank also said that no customer personal data had been compromised.
On 5 November, several customers complained that money had been withdrawn from their Tesco Bank accounts without permission. They also complained that cards had been blocked and that there were long delays in contacting the bank by phone.
The bank is working with the National Cyber Security Centre, a division of GCHQ, on the investigation.
Attacks against financial institutions are increasing through a variety of vectors.
An attack in February used the SWIFT network, which transmits messages between financial institutions, to steal $81m (£56m) from Bangladesh’s central bank. Attackers exploited vulnerabilities in banks’ funds transfer initiation environments before sending the messages over SWIFT.
In May 2016, Anonymous launched Operation Icarus, which was a 30-day cyber campaign that targeted the London Stock Exchange, PayPal and NASDAQ.
The regulators are taking notice. In April, UK banks were ordered to step up their security by the Bank of England (BoE), after the second attack on a major financial institution this year.
The BoE ordered them to detail steps taken to secure computers connected to SWIFT, according to insiders who spoke to Reuters.
The orders included conducting a ‘compliance check’ to verify whether they are following security procedures issued by SWIFT.