A day after thousands of customers noticed money missing from their accounts with no explanation, Tesco Bank in the U.K. has halted all online payments from customer accounts as it struggles to contain and find the root cause of the incident.
Bank officials on Monday said that they were aware of the missing money, which affects as many as 20,000 customers, saying that it was the result of “online criminal activity, in some cases resulting in money being withdrawn fraudulently.” Many customers on Sunday were posting complaints on Twitter and elsewhere saying that some or all of the money in their Tesco accounts had been withdrawn without authorization, mainly on Saturday night. Some customers said they had received texts or emails from the bank, while others didn’t receive any notifications.
“We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts. That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts,” the bank said in a statement on its site Monday.
“This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.”
Tesco Bank has more than 7.6 million customers and the company estimates that about 20,000 customers have been affected by this incident. How the attackers were able to get access to that many accounts is unclear. A phishing attack is one possibility, but gaining that many victims of one bank at a specific time would be difficult.