That still seems odd... phishing & malware attacks are going on all the time, so a targetted strike on Tesco bank users all at the same time would be a very 'restrained' attack. Phishing would take place over several days, so the attackers would be gathering account details piece by piece. Also, the first thing that banks tend to do when a large scale phishing attack has been successful is to re-issue new passwords and card numbers, yet Tesco haven't done this. So whatever avenue of attack the hackers had, Tesco must be confident that they have closed it off without needing to junk any compromised account details?
