What should have been a simple IT upgrade led to 1,300 people getting money stolen from their TSB Bank accounts.
A botched TSB Bank IT upgrade left 1.9 million customers locked out of their accounts, while 1,300 had money stolen by frauders exploiting the IT vulnerability, as reported by The Guardian.
The trouble started in April, when the bank began an IT upgrade that would transfer the records and accounts of its 5.2 million customers from a system operated by its former owner to one designed by its current owner, the report said.
While the bank warned users that some online banking services would not be available the day of the upgrade, it became clear that something had gone seriously wrong later that night. Customers began reporting that they were locked out of their accounts, that their accounts showed an incorrect balance, and that they could see accounts that belonged to other customers, The Guardian reported.
SEE: Network security policy template (Tech Pro Research)
Two days after the IT migration, TSB Bank determined that up to 1.9 million of its online and mobile customers were still locked out of their accounts.
On Wednesday—more than a month after the crisis began—TSB Bank executives said that 1,300 customers had money stolen from their accounts by cybercriminals exploiting the bank's vulnerabilities. In some cases, customers lost their life savings, The Guardian reported.
Customers are still reporting access issues. Executives also reported that more than 12,500 people had left the bank since the incident occured, and were continuing to leave at a clip of 400-500 people per day.
The incident highlights the dire consequences of a failed IT upgrade. Making matters worse was the fact that TSB Bank executives continually played down the issues customers faced, saying at first that they only impacted a small number of customers.
Andrew Bailey, the chief executive of the Financial Conduct Authority (FCA), accused TSB Bank CEO Paul Pester of "portraying an optimistic view" after the IT meltdown, and said the bank failed to be "open and transparent" about the full scale of the issues, according to The Guardian. The FCA is now investigating the issue, and may issue a fine to TSB Bank.
If your organization is planning an IT upgrade, it's key to be open and communicative with your employees or customers who may be affected—even if something goes wrong. The same goes for a data breach or other cybersecurity incident, experts recommend.
The big takeaways for tech leaders:
- A failed TSB Bank IT upgrade left 1.9 million customers locked out of their accounts, while 1,300 had money stolen by frauders exploiting the IT vulnerability.
- The incident highlights the need for open and honest communication between a company and its employees and customers in the event of a cyber incident.
- How to set up two-factor authentication for your favorite platforms and services (free PDF) (TechRepublic)
- The dumbest passwords people still use (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Password-sharing politicians prompt security row (ZDNet)
- Businesses in these 10 US cities are most likely to get hit by cyberattacks (TechRepublic)