Tesco Warns 600,000 Clubcard Holders Of Fraud

Tesco has warned of “fraudulent activity” surrounding some account holders of its Clubcard loyalty scheme.

The supermarket said that no customer’s financial data was accessed, and it doesn’t seem to be a hack of Tesco’s internal systems. Rather, it seems that someone stole password/username combinations from other website(s) and used them to try to access Tesco sites.

Password reuse is a common security vulnerability. This Tesco compromise reinforces the importance of using different passwords for different online services and websites.

Account compromise

Tesco will reportedly issue 600,000 new Clubcards to customers, although the stolen information was used to try to gain access to up to 620,000 Clubcard accounts in total.

News of the problem arose when Clubcard account holders were sent an email by Tesco to make them aware of the issue.

Tesco has reportedly cancelled all affected vouchers, and it has assured customers that no Clubcard points will be lost and new vouchers will be issued.

Tesco’s loyalty scheme offers members one point for every pound spent, and every 100 points earned is worth £1 in in-store credit.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers,” Tesco was quoted by ITV News as saying in a statement.

“We have strict security measures in place and our priority is protecting our customers,” Tesco reportedly said. “Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

“At no point was any customer’s financial data accessed,” the supermarket said. “We believe that someone has stolen password/username combinations from other website(s) and used them to try to access Tesco sites – where customers used the same username and password.”

“We have asked customers affected to reset their passwords and are contacting customers whose Clubcard vouchers may have been affected to let them know that we will replace these vouchers and issue new Clubcards, as a precaution,” it said.

“We are sorry for any inconvenience this may cause,” Tesco concluded.

Previous scares

This is not the first time that there has been a security scare involving Tesco’s Clubcard.

In 2013 Tesco contacted the police after claims that customer accounts had been hacked and Clubcard vouchers pilfered.

Customers had complained vouchers had gone missing from their rewards accounts. Reports at the time indicated vouchers worth hundreds of pounds had been stolen from those shoppers who had stored up their rewards.

Silicon UK also revealed in July 2012 that the Tesco website contained an XSS flaw, which could have helped hackers hijack customer accounts by having session cookies sent to attacker-controlled servers.

In 2014 Tesco was forced to deactivate the online accounts of several thousand of its customers after details of their accounts were posted following a security breach of its website.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
