Tesco, the banking arm of Britain's biggest retailer, was hit by cyber attackers during the weekend, in which 20,000 of its customers' accounts saw their money missing. The hack is the first on a British bank known to have resulted in customers losing money.
Tesco Bank, which manages 136,000 current accounts, stopped all online transactions while it worked to resume normal service, although customers could still use their bank cards in shops and to withdraw money from cash machines.
"Any financial loss that results from this fraudulent activity will be borne by the bank," Tesco Bank Chief Executive Benny Higgins told BBC radio. "Customers are not at financial risk."
"We think it would be relatively small amounts that have come out but we're still working on that," he said, adding that he expected the cost of refunding customers would be "a big number but not a huge number".
The bank is a minnow in Britain's retail banking market, with about 2 percent of current accounts, and represents only a small part of Tesco's overall business.
Other British banks have been targeted by cyber attacks in recent years, but the Financial Conduct Authority (FCA) which regulates the sector said it was not aware of any previous incident in which customers had lost money.
HSBC issued a series of apologies to customers earlier this year after its UK personal banking websites were shut down by a "denial of service" attack, but no customer funds were at threat during that breach.
Other well-known British brands hit by significant cyber attacks over the past year include telecoms firms TalkTalk and Vodafone, business software provider Sage and electronic goods retailer Dixons Carphone.