Tesco has refunded £2.5 million to 9,000 customers after a "systematic, sophisticated attack" struck the British retail bank.
Chief executive Benny Higgins told BBC News that the bank has returned all stolen funds to affected customers. Tesco has also allowed account holders to resume making online payments using their debit cards, an inconvenience for which Higgins apologized:
"We've now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal. We'd again like to apologize for the worry and inconvenience this issue has caused."
No personal information was compromised in the incident.
At this time, there is still no information available about what exactly caused the attack.
Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), suggested the attack could have resulted from a weakness in Tesco's IT environment. But it's still too early to tell.
The National Crime Agency (NCA) is currently leading the investigation into the matter.
On 5 November, the bank warned account holders to be on the lookout for suspicious changes to their account balances.
Tesco, which boasts more than 7 million customers, went on to ask those who observed fraud on their accounts contact it immediately so that its representatives could refund any lost funds within 24 hours.
But when affected users attempted to contact the bank, many experienced difficulties in reaching a representative.
One such customer expressed their frustration on Tesco's website. As quoted by The Guardian:
"I have been trying to contact you since last night and have now – unsuccessfully – spent over two hours on the phone. I have identified a shortfall of over £600 between balance and funds available. You are urging affected customers to contact you at once, but making it impossible to do."
Affected customers who have already reported payment card fraud to the bank can expect to receive a new card in the next week or so.