Tesco has been forced to reissue more than 600,000 Clubcards after it was targeted by an online scam.
The supermarket said it had discovered attempts by fraudsters to use usernames and passwords stolen from other platforms to access customers’ Clubcard benefits, though it insisted its own systems had not been hacked and no financial data stolen.
Tesco revealed up to 620,000 accounts might have been subject to the scam and said it had cancelled all affected vouchers.
It is understood the scam attempted to take advantage of customers using the same username and password for Clubcard as they do for other platforms, from which the information was stolen.
Tesco said it was reassuring customers that nobody would lose their Clubcard vouchers.
“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers,” said a spokeswoman.
“We have strict security measures in place and our priority is protecting our customers. Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.
“At no point was any customer’s financial data accessed. We believe that someone has stolen password/username combinations from other websites and used them to try to access Tesco sites - where customers used the same username and password. We have asked customers affected to reset their passwords and are contacting customers whose Clubcard vouchers may have been affected to let them know that we will replace these vouchers and issue new Clubcards, as a precaution.
“We are sorry for any inconvenience this may cause.”