Security Fears as TSB Customers Able to Access Other Accounts

Written by

Nearly two million UK banking customers are reportedly experiencing difficulties using their account online, with some able to access other users’ funds after an IT upgrade went wrong.

The IT project was trailed by TSB for some time and customers were told they wouldn’t be able to access accounts over the weekend as it transferred systems from an old Lloyds Bank platform to a new state-of-the-art in-house IT system.

However, reports suggest customers are still affected by the IT snafu, with many taking to social media to vent their anger.

There have been numerous calls for compensation, while one customer said he was given access to another user’s £35,000 savings account, £11,000 ISA and a business account on Monday night.

Regulators the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO) are said to be investigating the incident.

The TSB website appears to be bereft of any advice or updates on the issue, which betrays poor planning and incident response.

However, an official statement had the following:

“We are currently experiencing large volumes of customers accessing our mobile app and internet banking which is leading to some intermittent issues with people accessing our services. We are really sorry for the inconvenience this is causing our customers and want them to know we are working as hard and as fast as we can to resolve this problem.”

Bill Curtis, chief scientist at software intelligence firm CAST, argued that many banks haven’t upgraded their IT systems because of their complexity.

“Moving forward, banks must dedicate time and effort to understand the risks held by their software architecture, especially those firms undergoing huge mergers or digital transformation projects,” he added. “We have already seen the ramifications of IT outages which cause undue stress to their customers.”

Mark Adams, regional vice-president for UK and Ireland at Veeam, claimed banks and other organizations must meet customers’ heightened expectations about service levels and downtime.

“Customers need the confidence and trust that digital transactions and the handling of data will always work as expected. With the GDPR only a month away from being enforced, this is a timely reminder for businesses to ensure personal data is subject to the most rigorous of standards and service levels,” he argued.

“It appears from the reports today that customers were not notified of the breach and the errors, instead finding out for themselves when using the online platform of mobile application. This isn't acceptable.”

What’s hot on Infosecurity Magazine?