Thousands of holders of current accounts with the UK’s Tesco Bank were unable to access online banking on Monday after some accounts were subjected to “online criminal activity” and money was stolen from some accounts.
Chief executive Benny Higgins said that “any financial loss as a result of this activity will be resolved fully by Tesco Bank”, and reassured users that any money stolen would be refunded “as soon as possible”.
Tesco Bank hasn’t said how the attack happened, nor who might have been behind it. So what should Tesco Bank customers do?
The advice we gave to Yahoo customers after it was revealed that 500 million accounts had been breached still holds: change your password, and if you’ve used that password on any other accounts, change the password for those accounts, too.
It goes without saying that you shouldn’t use the same password for more than one account, and that’s doubly important when it comes to online banking.
Make sure it’s a strong password:
You could also consider resetting your security questions – and remember, they don’t have to be the actual answers to, say, your mother’s maiden name or your first pet. Those answers just have to be something you can remember – or something a password protector such as LastPass or KeePass can generate for you and recall.
Keep a sharp eye on your bank statements and online balance for any dodgy transactions, and let Tesco Bank know about them as soon as possible.
Watch out for emails claiming to come from Tesco Bank – or anyone else, for that matter – saying you need to reset your bank details and providing a link: it’s not unheard of for other scammers to exploit the security fears sparked by this kind of attack.
If a link in such an email takes you to a page inviting you to enter your details, stop right there. It’s much safer to go to your bank’s website by typing the web address into your browser.
Have a look at our post offering more detailed tips for how to keep your online banking safe for further advice – and regardless of who you bank with, it’s always a good idea to review your security practices.