Chief executive Benny Higgins said some current accounts were subjected to “online criminal activity” over the weekend, with “some cases” resulting in money being withdrawn fraudulently.
The bank was earlier forced to block some customers’ cards after “suspicious activity” was detected in its fraud prevention system.
While online transactions are affected on Monday, chip and pin and ATM services should be operating as normal.
Mr Higgins said: “Tesco Bank can confirm that, over the weekend, some of its customer current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently.
“We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts.”
He also sought to reassure customers that Tesco Bank will “ensure they do not lose out financially” and accounts will be refunded “as soon as possible”.
The bank is working with authorities and regulators to address the circumstances surrounding the security breach, Press Association reported.
Thousands of accounts were reportedly affected after apparent fraudsters targeted the bank’s clients, with customers taking to social media to alert the bank.
One man tweeted his available balance had dropped by £700 without him making a transaction while another said the disruption had left her “unable to feed my kids in school tomorrow”.
Others complained about a lack of communication from the bank and hours spent on hold.
“We have been hacked, all money gone, no email or text! Appalling response from Tesco so far #nobodyanswering,” one tweeted.
Tesco Bank, which opened in 1997 and has been wholly owned by Tesco PLC since 2008, has 7.8 million customer accounts.