This is a bank’s worst nightmare and I’ll be following this story closely. The financial, reputational, and regulatory damage that an event like this causes is very significant. Although, 20,000 accounts is a very small percentage of the 8 million total Tesco Bank accounts, this is very poor customer experience that will likely result in a loss of customers.
It is very important that this bank quickly perform root cause analysis and remediation activities to restore service to normal operations. Then damage control will likely ensue, which will include efforts to appease customers and regulators, refund customer losses, and assure the public that they have fully addressed the vulnerability(ies) that were exploited. I’m very curious to find out the root cause on this one.