Banner Default Image

Tesco Clubcard holders warned of major security issue - what to do if you're affected

almost 4 years ago by Lucy Cinder

Tesco Clubcard holders warned of major security issue - what to do if you're affected

Cyber Security

Tesco has issued new cards to 600,000 members of its Clubcard loyalty scheme after discovering some accounts had been compromised.

The supermarket chain said attackers attempted to gain access to Clubcard accounts using a database of credentials stolen from other platforms.

Tesco says all Clubcard members potentially affected by the incident have been informed via email.

Although the hackers were thought to have had some success, no financial information was exposed in the incident and Tesco’s systems have not been attacked, the company added.

Fraudulent activity

Tesco’s loyalty scheme offers members one point for every pound spent, and every 100 points earned is worth £1 in in-store credit.

Although attackers gained access to the credit accrued by some account holders, Tesco said no Clubcard points will be lost and new vouchers will be issued.

Members set to receive new Clubcards as a result of the incident can continue to collect points online and in-store using their existing cards.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers,” said a Tesco spokesperson.

“Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

According to Chris Miller, Regional Director UK&I at RSA Security, incidents of this kind are exacerbated by users’ reliance on identical log-ins for multiple platforms.

“Authentication continues to be a balancing act between security and convenience and organisations must continue to look for convenient yet secure ways to make access as easy as possible for the user,” he told TechRadar Pro.

“From the end-user's perspective, it is really important not to use the same password for multiple accounts...After all, if attackers have tried to log into Tesco Clubcard with stolen credentials, in all likelihood they'll be trying the credentials on other sites too.”

Tesco has advised Clubcard members to get in contact on 0800 591 688 with any additional queries related to the incident.

source techradar

Industry: Cyber Security

Banner Default Image

Latest Jobs