[BreachExchange] Tesco Clubcard holders warned of major security issue - what to do if you're affected

Destry Winant destry at riskbasedsecurity.com
Tue Mar 3 10:09:34 EST 2020


https://www.techradar.com/news/tesco-clubcard-holders-warned-of-major-security-issue

Tesco has issued new cards to 600,000 members of its Clubcard loyalty
scheme after discovering some accounts had been compromised.

The supermarket chain said attackers attempted to gain access to
Clubcard accounts using a database of credentials stolen from other
platforms.

Tesco says all Clubcard members potentially affected by the incident
have been informed via email.

Although the hackers were thought to have had some success, no
financial information was exposed in the incident and Tesco’s systems
have not been attacked, the company added.

Fraudulent activity

Tesco’s loyalty scheme offers members one point for every pound spent,
and every 100 points earned is worth £1 in in-store credit.

Although attackers gained access to the credit accrued by some account
holders, Tesco said no Clubcard points will be lost and new vouchers
will be issued.

Members set to receive new Clubcards as a result of the incident can
continue to collect points online and in-store using their existing
cards.

“We are aware of some fraudulent activity around the redemption of a
small proportion of our customers' Clubcard vouchers,” said a Tesco
spokesperson.

“Our internal systems picked this up quickly and we immediately took
steps to protect our customers and restrict access to their accounts.”

According to Chris Miller, Regional Director UK&I at RSA Security,
incidents of this kind are exacerbated by users’ reliance on identical
log-ins for multiple platforms.

“Authentication continues to be a balancing act between security and
convenience and organisations must continue to look for convenient yet
secure ways to make access as easy as possible for the user,” he told
TechRadar Pro.

“From the end-user's perspective, it is really important not to use
the same password for multiple accounts... After all, if attackers have
tried to log into Tesco Clubcard with stolen credentials, in all
likelihood they'll be trying the credentials on other sites too.”

Tesco has advised Clubcard members to get in contact on 0800 591 688
with any additional queries related to the incident.

