Tesco is sending out over 600,000 new Clubcards to customers after finding usernames and passwords had been stolen.
New Clubcards are being sent out to 640,000 customers after Tesco found a security issue.
Tesco believes that a database of usernames and passwords had been stolen from another platform, and then the details used on their websites.
They have confirmed that no financial data was accessed and the supermarket systems were not hacked.
Some accounts may have lost some points, but Tesco will be replacing any vouchers, so no one is out of pocket.
Tesco emailed everyone who was affected by this and is issuing new cards as a precautionary measure.
A similar cyber attack at Boots affected Advantage Card holders.
Tesco’s internal systems spotted that something wasn’t right.
They then took immediate steps to restrict access on accounts impacted so nothing could be accessed and reported it to the ICO.
A statement from Tesco said:
“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers
“Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.
“At no point was any customer’s financial data accessed.
“We believe that someone has stolen password/username combinations from other website(s) and used them to try to access Tesco sites – where customers used the same username and password.
“We have asked customers affected to reset their passwords and are contacting customers whose Clubcard vouchers may have been affected to let them know that we will replace these vouchers and issue new Clubcards, as a precaution.
“We are sorry for any inconvenience this may cause.”
There are some 19 million Clubcard accounts in the UK, so this is a reasonably limited issue.
Protect your data
If another company has been hacked and your details were stolen, any company needs to tell you about it.
But, that doesn’t mean their email didn’t land in your spam box, and you missed it.
It’s a good idea to look on the Have I Been Pwned site which allows you to find any data breaches against your email address/es.
You’re able to check whether any of your data has been compromised in the past.
If it has, look to change your password on any of those accounts.
Look to use different password combinations on various sites to make it harder for hackers to gain access to your accounts.
We recently received a dodgy email bribing us for money after an email and password were stolen in a hack.
It can be a little unnerving when you think a “hacker” contacts you, so keep your calm and be sure to report anything to Action Fraud.