There have been data breaches at TSB that should have never happened with any modern e-banking systems.’

The ongoing IT system failure of TSB surprised me not because of the failure itself. Today’s IT systems are too complicated and dynamic to be totally bug-free, so what is more important is how risks related to such failures are managed.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

It is surprising TSB allowed the buggy system to run through their 1.9 million customers without a proper testing of the new system.

TSB got the priority wrong: it seemed that they wanted to offer availability and usability to their customers sooner but forgot about other security requirements an e-banking system must offer.

From what has happened, it is clear that something seriously went wrong with TSB’s procedures on a number of things, including but not limited to:

  • internal system testing,
  • customer communications,
  • information security management and
  • data protection.

While the system failure is more about lack of availability – many customers complained that they could not use the e-banking services or even their debit cards, there are also genuine security risks.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Some criminals (including external attackers and malicious insiders) may have grabbed the opportunities to launch spear phishing attacks and have attempted to steal money from some TSB customers’ accounts.

The problems with biometrics and one time passwords (the latter won’t be solved until the end of April) also suggested that launching an attack on TSB would be easier now if no other security mechanisms are added.

If such attacks did happen or are happening, the chaos we have been observing suggested that TSB will have more difficulties identifying such attacks and providing evidence to support investigations by TSB itself and law enforcement.

In addition, if all the stories from TSB customers we saw on social media and newspapers are true, then there were clearly data breaches, e.g. one TSB customer said he had seen transactions details of somebody else’s accounts, which should have never happened with any modern e-banking systems.

While TSB is working hard to fix the system failure, it should also keep its customers and the authorities informed on what went wrong and what will be done to avoid such failures happening again in future.’

Shujun Li is Director of Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) and Professor of Cyber Security at the School of Computing, University of Kent.