Many customers of Tesco Bank, a British retail bank, are finding fraudulent activity that’s affected their account balances.

On 5 November, the bank issued a text alert warning account holders to be on the lookout for suspicious money withdrawals. The financial institution, which boasts more than 7 million customers, asked that those who observed fraud on their accounts contact it immediately so that its representatives could refund any lost funds within 24 hours.

But customers have experienced difficulty reaching Tesco, which has led many to criticize the bank for what they see as an insufficient response to the incident.

For example, one Kristy Brown, 36, of Scotland said she discovered fraudulent activity on her account without any prior warning from the bank. As quoted by The Guardian:

“We didn’t receive any email or text but when we checked our account this morning we were down £280.”

Brown subsequently contacted Tesco, the representatives of which froze her account. But Brown noticed someone withdrew an additional £20 from her account on Sunday.

Other customers apparently haven’t gotten that far.

One account holder told the bank they gave up trying to contact it after spending two hours on the phone:

“I have been trying to contact you since last night and have now – unsuccessfully – spent over two hours on the phone. I have identified a shortfall of over £600 between balance and funds available. You are urging affected customers to contact you at once, but making it impossible to do.”

They weren’t alone in their frustration, either.

As of this writing, Tesco has not identified exactly how many account holders have contacted its representatives.

It’s also not gone into detail over what’s causing the fraudulent activity. The Guardian speculates it could be a hack. If that’s the case, it wouldn’t be the first hack attack of its kind against a bank. After all, law enforcement officials have arrested individuals for hacking into bank accounts and for selling stolen financial accounts on the dark web in the past.

Tesco did issue the following statement on 6 November, however:

“Yesterday evening, we identified some suspicious activity in a small proportion of our customer’s current accounts. We have taken steps to protect these account holders and are contacting affected customers by text message. We can reassure our customers that they will not lose out as a result.”

“If you are concerned but have not received a text message, please check your account for any unusual transactions. If all transactions are familiar, it is highly likely that you have not been affected. For those impacted we will re-issue you with a card within seven-10 days and until then you can continue to use your existing card for chip and pin transactions only. We are sorry for any inconvenience.”

As the bank works to refund its customers’ stolen funds, let’s hope it also takes some time to review its threat protection services so that similar instances of fraud don’t occur in the future.