TSB slammed for suspected data breach & poor response following weekend outage
23 April 2018
A weekend upgrade of TSB's banking systems went horribly wrong when customers started getting access to other people's online banking accounts and full transaction records. However, TSB tried to allay nerves by announcing that such issues lasted all of 20 minutes and were fixed on Sunday night.
Last weekend, TSB began the process of shifting customer records from Lloyds' online systems to its own and announced that the 'upgrade' would take place between 16:00 BST on Friday and 18:00 on Sunday.
However, many TSB account holders started complaining during the weekend that they could not access their online banking accounts. Some of those who could view their accounts found, to their surprise, that alongside their own accounts they could also view the account and transaction records of other people.
"I could see all my accounts, but on top of that also three accounts belonging to someone else: a £35,000 savings account, an £11,000 Isa and a business account," Matthew Neal from Hertfordshire told the BBC.
"I could see their account numbers, sort codes and transaction histories and I had access to transfer money too, if I was that way inclined. The thing that was worrying me most was: what if someone can see mine too?"
While such complaints have been rare, the fact that TSB's online banking system is still under maintenance has not gone down well with thousands of customers. TSB's Twitter handle is currently inundated with hundreds of thousands of queries and complaints from account holders. A few examples follow:
"Still not working. 14 hours later. Instead of a copy and paste answer to your customers @tsb why not give practical advice or an estimated timescale of a fix. Shambles. Utter disaster."
"This @TSB online outage is very frustrating especially as it's at the end of the month and I'd like to see how much money is left in my account. Do you have an ETA for service resumption?" #tsb #tsbdown
"@TSB still can’t get through on app, desktop or phone!! Absolute joke - no money for shopping or petrol people have jobs and kids to feed ffs!! How long is it going to be!?!?!? And please don’t bother with automated responses #tsbdown."
Even though TSB hasn't responded individually to such complaints, the bank released a statement earlier today in which it claimed to have resolved the issue.
"We're really sorry that some of our customers experienced problems accessing our mobile app and internet banking yesterday evening. Both of these services are now up and running again," it said. However, many TSB account holders are still complaining on social media about not being able to access their accounts online.
"We have noted some reports in the media regarding customers' access to account information last night. We can confirm the access issues, which lasted only about 20 minutes and impacted just a tiny fraction of our customer base, were fixed last night," said a TSB spokesman.
Commenting on TSB's online banking fiasco, Mark Adams, regional vice-president for the UK and Ireland at Veeam, said: “The extended downtime witnessed on TSB’s online banking over the weekend highlights once again that planned downtime is simply not an acceptable way to operate a business in 2018.
"In a previous era, consumers and businesses would have accepted scheduled maintenance or 'planned downtime' for a day or so as part of the digital experience. But today, people’s expectations of technology have changed. As such, scheduled downtime is no longer as acceptable, and is fast becoming a reason for declining customer satisfaction. This is the reality of how customer-demand is forcing businesses to re-evaluate how they operate.
"One way this could’ve been avoided would’ve been to put backup data to work and ‘sandbox’ or predict possible outages and issues by trialling away from the live environment. Backups aren’t just for when Dave in accounts deletes a file, it can help change a business’ agility and credibility and create what we’re calling ‘Hyper Availability’ where businesses are always ‘on’."
He added that reports of mismanagement of customer account data have also affected the confidence that customers have in the ability of their banks to handle the security of customer data and transactions.
"With GDPR only a month away from being enforced, this is a timely reminder for businesses to ensure personal data is subject to the most rigorous of standards and service levels. It appears from the reports today that customers were not notified of the breach and the errors, instead finding out for themselves when using the online platform or mobile application. This isn't acceptable," he added.