Tesco Warns 600,000 Clubcard Holders Of Fraud

Tesco has warned of “fraudulent activity” surrounding some account holders of its Clubcard loyalty scheme.

The supermarket said that no customer’s financial data was accessed, and it doesn’t seem to be a hack of Tesco’s internal systems. Rather, it seems that someone stole password/username combinations from other website(s) and used them to try to access Tesco sites.

Password reuse is a common security vulnerability. This Tesco compromise reinforces the importance of using different passwords for different online services and websites.

Account compromise

Tesco will reportedly issue 600,000 new Clubcards to customers, although the stolen information has been used to try to gain access to up to 620,000 Clubcard accounts in total.

News of the problem arose when Clubcard account holders were sent an email by Tesco to make them aware of the issue.

Tesco has reportedly cancelled all affected vouchers, and it has assured customers that no Clubcard points will be lost and new vouchers will be issued.

Tesco’s loyalty scheme offers members one point for every pound spent, and every 100 points earned is worth £1 in in-store credit.

“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers,” Tesco was quoted by ITV News as saying in a statement.

“We have strict security measures in place and our priority is protecting our customers,” Tesco reportedly said. “Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

“At no point was any customer’s financial data accessed,” the supermarket said. “We believe that someone has stolen password/username combinations from other website(s) and used them to try to access Tesco sites – where customers used the same username and password.”

“We have asked customers affected to reset their passwords and are contacting customers whose Clubcard vouchers may have been affected to let them know that we will replace these vouchers and issue new Clubcards, as a precaution,” it said.

“We are sorry for any inconvenience this may cause,” Tesco concluded.

Previous scares

This is not the first time that there has been a security scare involving Tesco’s Clubcard.

In 2013 Tesco contacted the police after claims that customer accounts had been hacked and Clubcard vouchers pilfered.

Customers had complained vouchers had gone missing from their rewards accounts. Reports at the time indicated vouchers worth hundreds of pounds had been stolen from those shoppers who had stored up their rewards.

Silicon UK also revealed in July 2012 that the Tesco website contained an XSS flaw, which could have helped hackers hijack customer accounts by having session cookies sent to attacker-controlled servers.

In 2014 Tesco was forced to deactivate the online accounts of several thousand of its customers after details of their accounts were posted following a security breach of its website.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
