Tesco Bank hack: What you need to know

Tesco Bank's hacking is the 'most serious' ever to hit the UK banking sector. Credit: PA

At least 20,00 Tesco Bank customers have had money stolen from their accounts in the "most serious" hack to ever hit the UK banking sector.

Another 40,000 customers reported 'suspicious activity' as fraudsters accessed confidential account information.

Here's what you need to know if you are affected.

  • How was the hack carried out?

Tesco Bank said 20,000 customers had money stolen from their accounts. Credit: PA

Tesco Bank, which has 7.8 million customer accounts, says it is working with authorities and regulators to address the circumstances surrounding the security breach.

Online security experts said there was no set formula for dealing with cyber attacks which tend to vary in terms of sophistication.

Security specialist Mark James said: "It could be mass harvesting of credentials, cards, ATMs, infiltration of the banks systems, but Tesco will need to keep the public informed if they want to come out of this on top.

"Whilst no system is 100% safe, keeping the victims well-informed of your current operations, cause and future defences are what's needed."

The National Crime Agency spokesman is now co-ordinating with law enforcement to deal with the case.

  • What types of cyber attacks are there?

Using the same passwords for multiple accounts could leave you open to hackers. Credit: PA

According to cyber security experts, the range of cyber attacks are constantly changing along with technology.

But organisations and individuals are particularly at threat from malware, phishing scams and Distributed-Denial-Of-Service (DDOS).

  • Malware - a catch-all for a range of cyber-threats, including, viruses, spyware, trojans and worms, it is essentially, any software with malicious intent for your device or computer

  • Phishing scams - a request for data or information from what looks like a trusted source, but is actually an attempt to trick users into handing over entering sensitive information, or clicking a malicious link

  • DDOS - by inundating a network with traffic and data, hackers can overload it and take it offline in a 'distributed-denial-of-service-attack', with the system unresponsive, hackers can then cause further damage

The majority of hacks that target individuals take place due to criminals fraudulently obtaining user details.

This predominately occurs by phishing, where emails and text messages are sent to users pretending to be from official sources but in fact come from hackers.

These look to steal details by either tricking users into following a link and entering them into a fake website, or the link will download malware onto a user's computer that then captures account details.

  • Could it affect other banks?

TalkTalk was fined a record £400,000 for security failings after being hacked. Credit: PA

The short answer is yes. Any organisation with a computer network is open to a hacking attack at any time and from anywhere.

Last year it was revealed that cyber criminals cost the UK £11 billion.

Most businesses, especially banks, spend hundreds of thousands of pounds on protecting their systems but obviously breaches do still occur.

In September, Yahoo confirmed that at least 500 million users had their personal information stolen by hackers over the past two years.The company said it believed the attack was carried out by a "state-sponsored actor".

Last year around 21,000 unique bank account numbers and sort codes were accessed in the TalkTalk cyber attack.

In addition, about 157,000 email addresses, names and phone numbers were also accessed.

It later emerged that all of the information that was stolen was being held without encryption making it easier for hackers to sell the information on or use it to access other sensitive data.

  • How can bank customers stay safe?

Banks advise customers to be vigilant over any emails they receive. Credit: Reuters

Consumer group Which? has a list of seven points to help identify an attempted fraud.

These include being contacted out of the blue, an offer being too good to be true and being pressured to respond quickly and with personal details.

The group also says users should look out for vague contact details, spelling and grammatical mistakes or being asked to keep the correspondence quiet.

Banks advise customers to be vigilant over any emails they receive that appear in any way suspicious, and to avoid clicking on any links within them.

Most banks also say they do not ask for security details over email or text, and users should instead contact banks directly by phone to discuss account details.

A national campaign, backed by banks and other businesses, also gives consumers these five bits of advice:

  • Never disclose security details, such as your PIN or full password - it’s never okay to reveal these details

  • Don’t assume an email request or caller is genuine - people aren’t always who they say they are

  • Don’t be rushed – a genuine bank or organisation won’t mind waiting to give you time to stop and think

  • Listen to your instincts – if something feels wrong then it is usually right to pause and question it

  • Stay in control – have the confidence to refuse unusual requests for information

Cyber-security: More tips to protect yourself online