Tesco Bank Data Breach ?

TheBanker

10_66 said:

Katiehound said:

I've also had this email- sometime in the last few days.

I have credit card & savings with them (& used to have current a/cs)

I assumed the email was genuine and was going to ask the question- is it worth having a free year with.. (can't remember!)..... whoever they are offering?

Mother's maiden name is one of the basic questions and I'm fairly sure Tesco Bank has that detail for me.

As too many banks have my mother's real maiden name, unfortunately, I can't swap it to something else now.  I figure it's best to have at least one year free with Experian Identity Plus than not at all, so I think I'll be signing up for it.

Banks won't share your mother's maiden name with Experian, and it's not something that's held in a central database. Experian are asking for it to use as a security question in future if you ever forget your log-in details, not to check against what the bank have given. It doesn't have to be your real mother's maiden name, and doesn't have to match the mother's maiden name registered elsewhere. But you do have to remember what you've told them because if you've said it's Smith, but when they ask you in future you answer Wilson, you'll not be allowed back into your account.

Is it worth signing up for? Personally I think it depends what products you have with Tesco, and whether you receive paper statements. Whilst it is right to be cautious, I don't think a credit card and savings statement would enable fraud, assuming they mask the full credit card number. If you have insurance policies which show your date of birth on the paperwork then I would be slightly more concerned. But remember it was a print supplier that was breached, so if most of your documents are sent electronically then there's probably not a great deal to worry about. 

Tesco Bank have had a major cyber incident before, if you remember, which led to a large fine from the FCA. So I imagine they want to appear to take every possible step to protect customers from fraud, having already had their fingers burnt so to speak. 

Eco_Miser

mebu60 said:

Zuzi said:

mebu60 said:

Given the above I finally decided to click through. One of the first questions from 'Experian' was wanting to know my mother's maiden name. As the breach was only supposed to be basic details and Tesco don't hold my mother's maiden name my initial suspicions are back again. I shall be contacting Tesco on Monday.

It's a question everyone gets asked as part of the sign up process (obvs I can't see which website exactly you are accessing but if someone is signing up for Experian, they need to fill it in). You will probably have a specific link to give you the access scope Tesco has promised, but I don't see what other link to your data with Tesco there could be, they are asking just their standard signup questions...

On the balance of probabilities it is most likely the standard Experian sign up form.

But it could also be that scammers have sent out an email purporting to be from Tesco using information gained from the breach and included a link to a fake Experian sign-up to garner additional information which would be incredibly valuable to them. 

Paranoid? Me? 

If you suspect a link to a fake site, put the url into a whois  lookup, and if it's recently registered, or not a credible name for the owner, it's likely fake, but if it's been registered for years to the obvious company name, it's almost certainly genuine.

molerat

Is it only a certain section of customers that have been affected - not had anything from them but I am fully on line paperwork but do seem to get the odd paper statement for savings for some reason.

mebu60

Thanks for all the feedback and suggestions, including how to check a website.

I also realised that a data breach at the printers would be unlikely to have revealed my email address. 

Have now signed up to the Experian offer (with correct mother's maiden name!). 

Nothing exciting in the information they hold on me (which is a good thing!). Newcastle BS did a credit check on me when I opened an ISA with them which is a bit rude! 

Thanks all. 

ForumUser7

mebu60 said:

Thanks for all the feedback and suggestions, including how to check a website.

I also realised that a data breach at the printers would be unlikely to have revealed my email address. 

Have now signed up to the Experian offer (with correct mother's maiden name!). 

Nothing exciting in the information they hold on me (which is a good thing!). Newcastle BS did a credit check on me when I opened an ISA with them which is a bit rude! 

Thanks all. 

It may have been a soft check - this is a standard electronic ID check

sheramber

TheBanker said:

10_66 said:

Katiehound said:

I've also had this email- sometime in the last few days.

I have credit card & savings with them (& used to have current a/cs)

I assumed the email was genuine and was going to ask the question- is it worth having a free year with.. (can't remember!)..... whoever they are offering?

Mother's maiden name is one of the basic questions and I'm fairly sure Tesco Bank has that detail for me.

As too many banks have my mother's real maiden name, unfortunately, I can't swap it to something else now.  I figure it's best to have at least one year free with Experian Identity Plus than not at all, so I think I'll be signing up for it.

Banks won't share your mother's maiden name with Experian, and it's not something that's held in a central database. Experian are asking for it to use as a security question in future if you ever forget your log-in details, not to check against what the bank have given. It doesn't have to be your real mother's maiden name, and doesn't have to match the mother's maiden name registered elsewhere. But you do have to remember what you've told them because if you've said it's Smith, but when they ask you in future you answer Wilson, you'll not be allowed back into your account.

Is it worth signing up for? Personally I think it depends what products you have with Tesco, and whether you receive paper statements. Whilst it is right to be cautious, I don't think a credit card and savings statement would enable fraud, assuming they mask the full credit card number. If you have insurance policies which show your date of birth on the paperwork then I would be slightly more concerned. But remember it was a print supplier that was breached, so if most of your documents are sent electronically then there's probably not a great deal to worry about. 

Tesco Bank have had a major cyber incident before, if you remember, which led to a large fine from the FCA. So I imagine they want to appear to take every possible step to protect customers from fraud, having already had their fingers burnt so to speak. 

According to the email the informsation  at risk is

files containing your name, address and savings account number may have been accessed.

 

While we understand this news may be unsettling, we want you to know there has been no direct breach of Tesco Bank systems, and this does not enable direct access to your savings account.

masonic

mebu60 said:

Thanks for all the feedback and suggestions, including how to check a website.

I also realised that a data breach at the printers would be unlikely to have revealed my email address. 

Have now signed up to the Experian offer (with correct mother's maiden name!). 

Nothing exciting in the information they hold on me (which is a good thing!). Newcastle BS did a credit check on me when I opened an ISA with them which is a bit rude! 

Thanks all.

The main value of this service is that you should get an alert when your credit file is searched, so will find out quickly if someone else is applying for credit in your name.

Mee

In two recent cases when my data was compromised by a hack on a utility company and a pension provider (latter linked to Moveit software)  I received letters informing me of the data breach.

sillyvixen

There has been security problem affecting 100's of companies one is the company that is contracted to do our company's payroll - won't say who my company is but it's a retail giant. We have all had to do a huge online learning about data security, and set up 2 step verification for all our company emails and any other company apps we have (payslip, online training, expenses claimes, the online h&s forms, teams accounts and even to sign onto local store specific alerts). Whilst on holiday my email address changed, by IT, and stopped working and I had no access on teams or could see the rotas! My email was in the shortened version of my first name and is now in my full first name . I have spent nearly 3 weeks getting things swapped to my new email still trying to get expenses and H&S sorted. We had loads of company emails sent to us, on personal email and company email explaining the breach and followed up by a letter. We have been given 24 months Experian, and are aware info could include name, address, dob, bank details, email addresses, pension details ect. 

An ex colleague, who works for a competitor now has been in today as she has received the letter from the company about the breach as she has a company pension,asking if it's legit or a scam - in her case it's legit!

If you have such a  communication and are not sure if it's legit .. Contact them and ask!

robatwork

A year's subscription to this is more pointless than a subscription to Horse Bolters Monthly - first edition with free large padlock.

All it looks to do it monitor your credit file to see fraudulent activity and inform you. Something you can do yourself easily and for free.

Certainly won't stop Tesco or their suppliers from getting hacked again. If Tesco had any moral compass they'd say how they're beefing up cybersecurity and also offering compensation to those actually affected. And possibly a public flogging of whoever dropped the ball.