TSB customers are now being targeted by phishing scams following last week’s IT collapse
British bank TSB was forced to apologise last week after an upgrade to its systems caused the online banking platform to collapse. More than 1.9 million customers had trouble accessing their TSB accounts and many were without their apps or services for five days.
Now, the bank is facing a fresh crisis after it emerged cybercriminals are taking advantage of this downtime, and the many notifications being issued to customers, to launch a widespread phishing campaign.
In a tweet, the bank wrote: “Customers have made us aware that they’re receiving emails and tweets claiming to be from TSB. We would never ask you for your security details such as PIN or full password and we would only contact you via social media from our official @TSB Twitter or official Facebook page.”
It continued that the bank follows the so-called Take Five initiative and is recommending all its customers read the official guidelines to protect themselves.
TSB downtime: What happened?
A tweet from the bank’s official Twitter handle said on Thursday 19 April: “We’re planning an upgrade to our systems between 4pm Friday 20th of April until 6pm Sunday 22nd of April. We’re sorry but during this time some services, like online banking, making payments or transferring money won’t be possible. For details please visit http://tsb.co.uk/upgrade.”
As announced, online services went down on Friday evening, but as of Tuesday morning the bank said it was still experiencing “intermittent issues,” and TSB chief executive Paul Pester was forced to take all services offline on Tuesday afternoon in an attempt to solve the problem.
On Sunday 22 April, during this planned downtime, customers reported being able to access other people’s accounts while a handful had been incorrectly credited with £13,000 after logging back in. The majority couldn’t log in at all, or couldn’t access the details of their accounts even if they did get in.
In a tweet, Pester said: “This isn’t the level of service that we pride ourselves on providing, and isn’t what our customers have come to expect from TSB, and for that I’m deeply sorry,” before adding the bank would be taking its mobile app and online banking down “for a few hours” on Tuesday afternoon to fix the issues.
“Of course, customers can rest assured that no one will be left out of pocket as a result of these service issues,” he later said.
Services were finally said to have been restored at 3:45 BST on Wednesday morning, although a handful of customers were still complaining about not having access on Twitter well into Thursday.
An investigation has been launched to discover what caused the widespread outage. The problems came after a computer migration which saw the bank formally cut its IT ties with former owner Lloyds Banking Group and there has been speculation the two are linked. TSB split from Lloyds in 2013 but was still running on the old computer network and systems.
The Information Commissioner has also said it will look into the claims people could access other TSB members’ accounts. This would signify a major data breach, and TSB faces large fines if it is found to have mishandled the information. In a statement, TSB said: “We have noted some reports in the media regarding customers’ access to account information last night. We can confirm the access issues, which lasted only about 20 minutes and impacted just a tiny fraction of our customer base, were fixed last night.