BreachExchange mailing list archives
Tesco Clubcard holders warned of major security issue - what to do if you're affected
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 3 Mar 2020 09:09:34 -0600
https://www.techradar.com/news/tesco-clubcard-holders-warned-of-major-security-issue Tesco has issued new cards to 600,000 members of its Clubcard loyalty scheme after discovering some accounts had been compromised. The supermarket chain said attackers attempted to gain access to Clubcard accounts using a database of credentials stolen from other platforms. Tesco says all Clubcard members potentially affected by the incident have been informed via email. Facebook data breach sees millions of user details leaked online 30 million payment cards listed on fraud marketplace UN 'covered up' serious data breach affecting thousands of workers Although the hackers were thought to have had some success, no financial information was exposed in the incident and Tesco’s systems have not been attacked, the company added. Fraudulent activity Tesco’s loyalty scheme offers members one point for every pound spent, and every 100 points earned is worth £1 in in-store credit. Although attackers gained access to the credit accrued by some account holders, Tesco said no Clubcard points will be lost and new vouchers will be issued. Members set to receive new Clubcards as a result of the incident can continue to collect points online and in-store using their existing cards. “We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers,” said a Tesco spokesperson. “Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.” According to Chris Miller, Regional Director UK&I at RSA Security, incidents of this kind are exacerbated by users’ reliance on identical log-ins for multiple platforms. “Authentication continues to be a balancing act between security and convenience and organisations must continue to look for convenient yet secure ways to make access as easy as possible for the user,” he told TechRadar Pro. “From the end-user's perspective, it is really important not to use the same password for multiple accounts...After all, if attackers have tried to log into Tesco Clubcard with stolen credentials, in all likelihood they'll be trying the credentials on other sites too.” Tesco has advised Clubcard members to get in contact on 0800 591 688 with any additional queries related to the incident. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Tesco Clubcard holders warned of major security issue - what to do if you're affected Destry Winant (Mar 03)