Tesco sends security warning to 600,000

Clubcard holders

Tesco is issuing new cards to 600,000 Clubcard account holders after unearthing a security issue.

The supermarket giant said it believed a database of stolen usernames and passwords from other platforms had been tried out on its websites, and may have worked in some cases.

No financial data was accessed and its systems have not been hacked, it added. It said this was a precautionary measure and apologised for the inconvenience.

"We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers," a Tesco spokesperson said. "Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts."

The supermarket said it had emailed everybody potentially affected, that nobody would lose their points and new vouchers would also be issued.The UK loyalty scheme offers one point for every pound spent in store. Every 100 points are worth £1.

A lot of people still use simple passwords or similar log-ins for many different platforms and this incident is a very good example of the risks involved in using the same password on multiple websites. Cyber-criminals can do a lot of damage with a large breached list simply containing names and emails, they use leaked common password combinations against the emails to try to break into other personal accounts.

One possible solution is for people to use password managers to generate and store uniquely different passwords, and two factor authentication where possible - in which a text message or email code is required as well as the password.

If you require any further detail or advice, please contact John Reid in O’Rourke Reid
Dial: +353 1 240 1200
Email: jreid@orourkereid.com
LinkedIn John Reid LinkedIn Profile
Blog John Reid Solicitor

This document is for information purposes only and does not purport to represent legal advice.  
© O’Rourke Reid 2020