The fun never stops.
Beleaguered bank TSB has messed up once more, as it was revealed this week that customers had received letters containing other people’s details.
This comes after it already made unfavourable headlines thanks to a monumental and much-publicised IT meltdown, which left customers unable to access their accounts or to contact the bank for help. As a result of the problems, which stemmed from a mass data migration gone awry, many customers lost money through fraud or technical issues.
In the latest cock-up, TSB sent out letters to customers, acknowledging the IT problems, but a number of these letters contained some surprising bonus information – the name, address and reference numbers of other customers.
Speaking to the BBC, TSB customer Isabella Morrison-Shand, who received one of the letters, said, "If I was in any way shady, I could contact them and say that I was from TSB and perhaps trick them into discussing things. I have no confidence in TSB at all of controlling their usage of my data and keeping it safe and secure."
TSB = Terribly Silly Bank
Acknowledging the screw-up in its letters acknowledging its previous screw-up, a spokesperson for the bank said, "We are aware that there has been issue with a recent acknowledgement mailing. We are working with our third-party supplier to understand the root cause of the error, and we'd like to apologise to anyone that may be impacted."
At this point, TSB holding up its hands and saying sorry is probably of little to no comfort to customers, and we’d imagine confidence in the firm is at an all-time low.
That, however, is not the only problem it will have to deal with. By inadvertently sharing customer data in this way, TSB is surely in breach of data protection laws, and with GDPR coming into force less than two weeks ago, the firm’s timing could not have been worse.
The Information Commissioner’s Office has yet to exercise its fining powers under the new regulations – but that could change soon. With web giants Facebook and Google also in trouble with lawmakers, the race appears to be on to be the first company to get hit with a GDPR mega-fine. TSB must surely be in with a shout, at least. In the ICO’s own words, it’s "continuing to make enquiries in relation to TSB and we are aware of ongoing issues.”
To make matters worse, criminals are using the disruption to line their own pockets. Using customer information gleaned from phishing scams, the fraudsters have been contacting mobile phone networks and getting their victim’s phone numbers transferred to new SIM cards. The scammers can then receive notifications and messages from the bank and bypass security measures. As the Register reported, one customer lost £12,500 in two hours as a result of the scam. And while it was happening, he was desperately trying to contact TSB to stop it – with little success.
What Can SME's Learn From This?
While this all might seem like it’s happening in some far-off land, away from everyday life, TSB’s ongoing woes provide real lessons for small and medium businesses. One huge mistake that organisations often make is failing to see just how instrumental technology is to their everyday running. High-profile cases like TSB’s bring this to the fore, of course, but it doesn’t necessarily require a catastrophic system failure for poor IT practices to have a detrimental effect. As well as the risk of cyber crime facilitated by poor IT habits, the accumulation of small technical issues can result in significant losses too.
Perhaps, then, there’s a chance for some good to come out of the continuing TSB farce. Other organisations might look at what’s happening and realise just how reliant they are on technology and, therefore, how important it is to invest in it.
Of course, that’s probably not going to make TSB’s bosses or their customers feel any better about the events of the last few months, but it’s something at least.
Are your IT solutions up to scratch? Find out before it's too late. Contact us for a friendly, obligation-free chat about your requirements.