Expert comment: Professor Carsten Maple
“We have learned of another high profile breach this morning – this time, Tesco Bank. As yet we know little of how the breach occurred, but what we do know is that a number of accounts were subjected to "online criminal activity" over the weekend, with "some cases" resulting in money being withdrawn fraudulently. Of course Tesco has stated it will refund money to those affected, but failed to answer two key questions: How did the breach occur and what about the impact and associated costs for those affected?
“For the first question, it may not be necessary to provide this answer today, but it will be important. Were card machines breached? Was there a human error either within Tesco or one of its partners? These questions will be important as they will determine the follow-up actions needed by Tesco and its customers.
“The second question is more pressing and answers are needed more quickly. Some people are dependent on having the money refunded immediately, and with 20,000 accounts having money stolen and the same number of accounts under investigation (where “suspicious activity” was identified but unknown whether funds were stolen), refunding the money “as soon as possible” will not be sufficient. The temporary suspension of transacting online will affect an even wider customer base. Tesco Bank has already been heavily criticised on social media and it needs to ensure there is clear and constant interaction with its customers.”