
Tesco Bank Hack - 140,000 accounts frozen


As one of the UK’s largest retailers with a seemingly ubiquitous presence, the Tesco brand is held in high regard by the British public. The company have leveraged their favourable brand name to expand into telecommunications and banking.
That faith, built up over decades of providing reliable service as a retailer, has been shaken this week with the news that several thousand Tesco Bank customers had their accounts raided by thieves. As a result, several customers were unable to access their hard-earned money, both because of the theft and because Tesco Bank was forced to stop all online transactions.
The uncertainty that persists as a result of the scant information released by Tesco has only amplified the horror – the current perception being that Tesco is unaware of the root cause of its security failure.
The number of victims was initially pegged at 20,000, with 40,000 accounts said to have been tampered with in total. Regardless of how many may have lost money to the hackers, all 140,000 were inconvenienced over the weekend when the bank stopped all customers from accessing their accounts. Tesco's most recent communications claim that 9,000 customers were affected. A figure of $3.1 million is said to have been refunded to the customers in question.
https://www.tescobank.com/help/current-account-fraud-update/
The statement released by Tesco Bank:
Tesco Bank can confirm that, over the weekend, some of its customers’ current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently...As a precautionary measure, we took the decision on Sunday 6 November 2016 to temporarily stop online transactions from current accounts. This will only affect current account customers. While online debit transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.
https://www.tescobank.com/
Tesco have carefully refrained from using the words ‘hacked’ or ‘hacking’ in any of their communications in relation to the breach. This important omission raises more questions as to how so many customers were so swiftly defrauded, with a number having been cleared of their life savings.
The stock market has reacted to the news in a predictable fashion, the stock price having dropped on the realization that Tesco stands to lose millions as a result of the impending fines imposed on companies found to have run afoul of UK data protection legislation.
While Tesco Bank have been quick to acknowledge the breach, other questions remain. Beyond the disclosure that proceeds of the crime were moved to Brazil and Spain, no information has been provided as to how the thieves gained access to so many accounts. The speed of the attack is suggestive of an automated process.

Additionally, Tesco claim:
Tesco Bank has not been subject to a security compromise and it is not necessary for customers to change their login or password details. To stay safe online we do recommend that customers regularly change their passwords. 
The attack against Tesco draws immediate comparisons with that suffered by Heartland Payment Systems in 2008. In that instance customer data was leaked by way of an SQL injection attack on point of sale terminals at the retailer TJ/TK Maxx – who were in turn compromised by their failure to safeguard their poorly encrypted wireless data traffic. SQL injection was also the method used in the attack on TalkTalk.
The attack on Target is yet another similar, large-scale data breach.
http://www.cnet.com/news/target-hack-strips-banks-and-credit-unions-of-200m/
Tesco are working with the authorities to establish how they were so easily compromised in what they have referred to as “a systematic, sophisticated attack”. They claim to have reimbursed all affected customers.

The U.K.’s Financial Conduct Authority (FCA) regulatory body has described the fraud as “unprecedented.” The head of the FCA, Andrew Bailey, spoke of his concerns regarding weaknesses in banks' complex IT systems.

He drew attention to the fact that the elaborate systems employed by the financial houses created multiple points of failure for cybercriminals to take advantage of.


Unlike a number of other breaches in which bank details have been stolen, no data has so far appeared for resale on the dark web.






About Afritechnet
