Tesco pays out £2.5m to customers following cyber attack

Updated: 

Tesco Bank says it has paid out an estimated £2.5 million to 9,000 customers after it fell victim to a cyber attack at the weekend.

The business said a full service for customers had resumed after the weekend hack that prompted a freeze in online transactions for customers.

Accounts which saw money fraudulently removed will be reimbursed by Tuesday evening, the bank said.

The announcement came after the cybercrime was described as "unprecedented" by the head of Britain's financial regulator.

Tesco Bank chief executive Benny Higgins said: "We've now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal.

"We'd also like to reassure our customers that none of their personal data has been compromised."

Earlier on Tuesday the chief executive of the Financial Conduct Authority (FCA) said authorities were working to find the "root cause" of the breach.

"There are elements of this, as far as we can tell at the moment, that look unprecedented," Andrew Bailey told MPs at a Treasury Select Committee hearing.

Committee chairman and Tory MP Andrew Tyrie said the case looked "extremely serious", affecting around one in seven Tesco Bank account holders.

Tesco Bank had previously said money was fraudulently withdrawn from 20,000 of its 136,000 current accounts over the weekend, with suspicious activity being tracked across 40,000 accounts. It revised the number of affected accounts down to 9,000 on Tuesday.

Customers affected by the transaction block were still able to withdraw cash and use other services like chip and pin payments, while bill payments and direct debits continued as normal Tesco Bank said.

Tesco Bank had assured customers that money would be reinstated by the end of Tuesday, but Mr Bailey said: "That's important but not by any means the heart of the concern.

"The heart of concern is what is the root cause of this and what it tells us about the broader threats."

The threat appears to have only affected the "debit card side of online banking", but Mr Bailey said "further urgent analysis" is required.