Tesco has enlisted the help of spy agency GCHQ to assist its investigation of what is the most serious cyber attack ever launched against a British bank.
The supermarket giant contacted the National Cyber Security Centre (NCSC), a new part of GCHQ that tackles crime online and opened last month, after it learned of the theft at Tesco Bank at the weekend, which saw money taken from about 20,000 current accounts.
The NCSC reports into GCHQ, the UK’s digital espionage agency, and has been providing “on-site assistance” to Tesco. It is working alongside the National Crime Agency to investigate the attack.
Tesco Bank confirmed on Monday that it had detected “online criminal activity” in 40,000 current accounts and that money was taken from half of them. It later said on Tuesday that normal service had resumed following the temporary suspension of online transactions from the affected accounts and that personal data had not been compromised.
It has been forced to suspend online transactions as it investigates the attack, which involved sums running into thousands of pounds being stolen from customers. Chris Philp, an MP on the Commons Treasury Select Committee (TSC), has suggested the theft could have been “state-sponsored”.
The NCSC said it was “unaware of any wider threat to the UK banking sector connected with this incident”.
Andrew Bailey, the chief executive of City watchdog the Financial Conduct Authority, told the TSC today that the attack against the lender “looks unprecedented in the UK”.
He said that “it’s too early to give you a comprehensive account of what the root causes are” but added that the hack “clearly appears to be in the debit card side of online banking as far as I can tell”.
Tesco Bank has pledged to refund all customers affected by the end of today, and its chief executive Benny Higgins has conceded that the total sum will be a “big number”.
The bank has a total of 136,000 current accounts and offers services, including insurance and mortgages, to about seven million customers.