“EVERY little helps.” The thieves may have found Tesco’s advertising slogan only too apt. Over the weekend of November 5th and 6th, Tesco Bank, the financial arm of Britain’s biggest retailer, detected “suspicious transactions” on 40,000 current (ie, checking) accounts. Online raiders succeeded in stealing from 9,000: some customers spotted dodgy payments to companies in Brazil and Spain. On November 8th Tesco Bank said it had reimbursed all losses, to the tune of £2.5m ($3.1m). Online transactions from current accounts, which it had suspended, were up and running again.
If the bank or other investigators have any idea who stole the money and how, they are not saying. Reports say that GCHQ, a spy agency, has been called in. All this has fed rather than starved speculation: an MP has said “state-sponsored” crime cannot be ruled out. There is little to go on, notes Alfredo Pironti of IOActive, a cyber-security company. One possibility is that the thieves found a weakness in the bank’s web application. Another is that they managed to filch lots of customers’ passwords over a period of time and exploited them in one go. Still…Continue reading