British bank TSB has suffered from an IT crisis which has lasted for over six days with an estimated 1.9 million customers experiencing problems around accessing their accounts. The problems occurred when TSB began a customer data migration from Lloyds’ IT system. The bank split from Lloyds Banking Group in 2013 and was sold to Spanish bank Sabadell in 2015 for £1.7bn. When TSB split from the Lloyds Banking Group, it continued to rent a banking platform from its former owner while it developed its own “state-of-the-art” platform.
The new “state-of-the-art” platform was meant to be ready to go live at the weekend just gone, with TSB moving its customers’ data from the Lloyds’ platform to its own. This was a long-planned disruption to the service, and the bank said it had informed its customers of the change and of the potential for them being unable to use online banking or payment systems at the weekend.
On Sunday some customers reported to various media outlets that they were able to see other customers’ details in a suspected data breach that is being looked into by the Information Commissioner’s Office.
The crisis has affected numerous customers, with up to 1.9 million customers locked out of their accounts for a sixth day. MPs are demanding action, and the bank is facing a potential multimillion-pound compensation bill and regulatory fines. Nicky Morgan MP, chair of the Treasury Committee, has called for the bank to explain how it intended to compensate the customers who suffered a breach of potentially highly-sensitive personal data. Meanwhile, the City watchdog said it was:
“working with the firm to ensure customers are properly communicated with and are not left out of pocket”.
The Financial Conduct Authority added:
“We will be talking to the firm to understand exactly what went wrong and the steps that they are taking to ensure something like this does not happen again.”
Financial and banking organisations have a history of upholding high levels of data security, and the Financial Conduct Authority (FCA) is just one industry regulator with guidelines that all firms must follow. With the impending effect of the GDPR, TSB could face large fines from both the FCA and the Information Commissioner’s Office (ICO).
The importance of secure data migration
When dealing with sensitive data, as all banks do, it is vital to uphold the highest levels of security: a data breach could be catastrophic, and any cyber-criminals who benefit from it could stand to make millions. Data migrations are often complex, having to account for multiple systems in multiple locations while ensuring there is little or no downtime. The knock-on effects of downtime are most often felt by customers, as is the case with TSB.
The situation has been ongoing for several days now and TSB has called on IBM to help it fix the issues. Parent company Banco Sabadell has issued a warning that online banking and banking applications may not be fully online for a further week. In the meantime, the bank has announced it will waive all overdraft fees and interest charges for April. This attempt to retain customers may be costly in the short run but could be vital to limiting the reputational damage, which grows the longer this breach/outage continues.
Data governance and the GDPR
The General Data Protection Regulation (GDPR) represents a huge shake-up to data protection laws and carries with it big consequences for non-compliance and large-scale data breaches. Complying with the GDPR ensures that organisations are following processes around data protection and management, reducing the chance of a data breach. In addition, being able to give customers and partners the assurance that the GDPR is being complied with will build confidence and reflect positively on reputation.
Redstor have been assisting organisations with data governance and data protection compliance for 20 years, giving organisations tools to securely manage data through its lifecycle. For further information on cloud backup, disaster recovery and archiving get in touch today.