Officials from United Kingdom-based Tesco Bank said a total of $3.1 million was stolen last weekend from 9,000 customer accounts, according to a Reuters report.
On Monday, Tesco officials confirmed customer accounts had been broken into over the weekend, resulting in fraudulent withdrawals from what was originally estimated to be 20,000 accounts. The bank did not reveal how much money was taken until Thursday. Tesco is a small bank with only about 2% of the UK’s total accounts
The bank has not revealed how the cybercriminals were able to break into accounts. The National Cyber Security Centre in Britain is helping Tesco investigate the incident.
Despite reassurances, cybersecurity in the financial sector appears to be on shaky ground. Banks worldwide have been under pressure to improve their security efforts since cybercriminals stole $81 million from Bangladesh Bank in February using fraudulent SWIFT wire transfers.
Banks commonly face cybersecurity threats, but the Bangledesh and Tesco heists appear to be the first times cybercriminals have actually succeeded in removing money from accounts, which is putting the financial sector on edge.
On Thursday, Britain's interior minister, Amber Rudd, told a Financial Conduct Authority conference the theft was a "threat to national security and undermines public trust in financial firms."
An August review and ranking of the security postures of thousands of global financial services companies by SecurityScorecard found 95% of the top 20 U.S. commercial banks by revenue have a network security grade of C or below.