Customers at U.K.-based Tesco Bank may have made history last weekend, but not for the reasons one might have imagined.
This after 20,000 Tesco Bank clients were victimized by cyber-thieves who breached the bank's security firewall, and withdrew money directly from client accounts.
The hackers' "systematic, sophisticated attack" differs from most data breaches in that the cyber-thieves eschewed traditional theft targets like driver's licenses or credit card numbers. Instead, they figured out a way to access customer bank accounts directly, just as easily as they had a customer's ATM card of their own.
The cyber-attack occurred over the weekend, with 40,000 Tesco bank accounts breached, and 20,000 accounts having cash taken out by cyber-hackers.
On November 6, Benny Higgins, CEO at Tesco Bank, issued an alert to the financial institution's 137,000 customers that the bank would stop online transactions from current accounts and that debit transactions would not be available. Cash withdrawal and payment with chip and PIN cards would still be possible. Higgins also said the bank would refund any money lost to customers due to the security breach by November 7.
Cyber security experts call the Tesco breach unprecedented, but not necessarily surprising.
"I've not heard of an attack of this nature and scale on a U.K. bank where it appears that the bank's central system is the target," notes Alan Woodward, a security consultant, with experience working for Europol."
The real threat is that now, apparently, cyber-criminals are targeting bank customer accounts directly, experts say.
"It's extremely unusual to see an attack of this scale directly on consumer bank accounts," says Tim Erlin, Senior Director of IT Security and Risk Strategy for Tripwire, a security services firm based in Portland, Ore.