TSB bank could face fines for data breach issues related to the system outage problem they suffered last month.
Many customers were left unable to properly use their accounts online and via their app for several days after a system upgrade reportedly went wrong. Some customers were unable to view their accounts, make payments or transfer money, with countless angry customers turning to social media to vent their frustrations.
One customer took a screen shot of a business account containing over £2.8m that was visible on his account, and sent it to the Information Commissioner’s Office (ICO). Others reported being able to see other people’s account details, including tens of thousands of pounds of other people’s savings, and even account details for family members.
The data visible included other customer’s transfers, payments, savings, accounts numbers and sort codes.
According to TSB, the account data breaches “lasted only about 20 minutes and impacted just a tiny fraction of our customer base and were fixed last night”. Despite the reported short time-frame of the data breach, the issue has left many customers feeling angry and vulnerable at the thought of their personal and sensitive account information being visible to others.
The ICO confirmed that they had been monitoring the situation, as did the Financial Conduct Authority (FCA). The data for some 1.3 billion customers was apparently moved from an old system to the new one when the breach occurred.
A serious data breach
The issue of customers’ personal banking information being exposed is a serious data breach, despite the reported short time-frame it occurred for. Compromised banking details can lead to cases of identity theft and fraud, irrelevant of whether money could have been moved around the accounts suffering data breaches or not.
The account numbers and sort codes – especially with details of monetary transactions and financial amounts – can be more than enough for a customer to be exposed to criminal activity.
TSB customers will need to remain vigilant in the aftermath of the data breach. With a common banking security question being to provide details of recent transactions – data that was reportedly visible in the TSB data breach – there is a clear need for TSB to increase their security measures immediately to ensure customers are protected from any attempts by criminals to commit fraud.
Such added measures, although necessary, may also serve to further anger customers who are still having problems now with the functioning of accounts.
We will continue to monitor the situation over the coming weeks and months.