Tesco Bank's Chief Executive Benny Higgins told BBC Radio 4's Today programme that the total number of customer current accounts are about 136,000, and 40,000 of these experienced suspicious transactions, and around half of those had some money taken from their accounts.
According to Higgins, online transactions for current accounts have been halted until Tesco Bank has "got fully on top of the issue". Higgins stated that "any financial loss that results from this fraudulent activity will be borne by the bank...customers are not at financial risk."
Ilia Kolochenko, CEO of web security company, High-Tech Bridge, commented: “The situation is not clear yet, and it’s too early to make any conclusions about the origins and the source of the breach. In the past, similar incidents involved many different approaches: from e-banking system compromise to targeted spear-phishing and social engineering campaigns aimed at infecting bank clients’ machines or mobile devices with sophisticated malware, stealing money from their accounts. A massive skimming campaign cannot be excluded either.
It is important to highlight that such a large-scale attack with important financial losses would hardly be possible without some insider help to the attackers. Banking system, compliance processes and fraud-prevention systems are usually bank-specific, and in order to bypass them (we can speak about successful bypass, as so many people have already lost their money) we need to have some insider knowledge. Nevertheless, we need to wait for the official investigation results before making any conclusions.”