Jump directly to the content
HACKERS' SHOPPING SPREE

Tesco cyber thieves who stole £2.5m from online customers went on spending spree in US and Brazil

To stay under the radar they made many low value transactions

Fraudsters who stole money from Tesco Bank customers were spending it in stores in the US and Brazil

THE hackers behind the Tesco Bank cyber-heist that saw 20,000 customers have money stolen from their accounts went on a spending spree in shops in the US and Brazil to launder their ill-gotten gains.

The cyber cons used data stolen from the British lender to set up contactless payment accounts on smartphones, sources said.

Fraudsters who stole money from Tesco Bank customers were spending it in stores in the US and Brazil
2
Fraudsters who stole money from Tesco Bank customers were spending it in stores in the US and BrazilCredit: PA

In a co-ordinated raid last weekend, they bought thousands of low-priced goods from stores, swiping their mobile phones at the tills, reports the .

Many of the fraudulent transactions are understood to have been made in the American electrical chain store, Best Buy.

The gang took £2.5million from 9,000 Tesco Bank customers before the lender detected suspicious activity and froze all online payments.

They made several low value transactions at the electrical retailer Best Buy
2
They made several low value transactions at the electrical retailer Best BuyCredit: Getty Images

The revelations will ramp up the pressure on the supermarket’s banking division, whose reputation has been damaged by the raid.

Cyber-security experts said Tesco should have acted more quickly to stop the flood of payments to overseas stores. The thieves loaded up on cheap goods to get around limits on mobile phone transactions.

“It didn’t feel as if Tesco Bank had much of a contingency plan in place,” said Dave Palmer of cyber-security firm Darktrace.

Related stories

Pamela Anderson arrives at Ecuadorian embassy with food parcel of veggie burgers for Julian Assange
WIKI-EATS

Pamela Anderson arrives at Ecuadorian embassy with food parcel of veggie burgers for Julian Assange

First ever boxing match between SAS and US Special Forces hailed a 'success'
CLASH OF THE TITANS

First ever boxing match between SAS and US Special Forces hailed a 'success'

Tram crash victim pictured as family reveal they waited THREE days for cops to confirm his death
FINAL TRAM CRASH VICTIM

Tram crash victim pictured as family reveal they waited THREE days for cops to confirm his death

ISIS jihadis using WOODEN TANKS as a diversion tactic as war rages against terror rebels in Mosul
NICE PLY

ISIS jihadis using WOODEN TANKS as a diversion tactic as war rages against terror rebels in Mosul

“It would appear the bank did not foresee that so many small frauds could happen all at once.”

Tesco Bank declined to comment on the details of the raid, but insisted none of the personal data of their customers had been “compromised”, and that it had reimbursed victims.

It has contacted the National Cyber Security Centre, a wing of spy agency GCHQ, to help with its investigation into the attack — the most expensive yet on a British bank’s IT systems.

Posts on the “dark web” — a shadowy part of the internet where users can browse anonymously — suggest Tesco may have been in the sights of cyber-thieves for some time.

In September, a fraudster operating on AlphaBay, an online marketplace for drugs, guns and other illicit goods, claimed he had an insider at Tesco Bank who could provide customer account data.

Last week it emerged that hackers had accessed the email addresses, passwords and phone numbers of 711,000 job applicants on recruitment giant Michael Page’s books.

We pay for your stories! Do you have a story for The Sun Online news team? Email us at [email protected] or call 0207 782 4368

 

Topics
YOU MIGHT LIKE
RECOMMENDED FOR YOU
MORE FOR YOU