
According to a report in The Financial Mail, a private security firm – which asked not to be named – spotted the fraud at an early stage and alerted Tesco, offering a list of over 20,000 customers in danger.
However, Tesco turned the company down, preferring to refund customers who protested, rather than alert them in advance and risk bad publicity.
Tesco did not say why it turned down the offer of the list of likely victims, but said that it had a “well resourced internal security team” as well as outside advisers.
The issue first emerged in February 2013 when Tesco warned Clubcard members to beware of personal data phishing scams, following reports Clubcard vouchers had been swiped from online accounts.
The retail giant called in the police amid fears the money-off coupons were stolen after miscreants compromised victims’ accounts. The details had not come from any leak at Tesco itself; crooks had harvested log-in information from other sources and then tried it on the Tesco website to see if any of it worked.
Tesco’s cyber security boss Clive Timmons told The Financial Mail: “We fully refund vouchers to customers affected by this problem, and we strongly advise all our customers to use different passwords for different sites. Where Clubcard vouchers are used fraudulently, it is almost always because the same password is used for a Tesco account as on another website which has had a security breach.”

