TSB Privacy Snafu as Letters Sent to Wrong Customers

UK bank TSB’s problems just got even worse after it emerged that letters sent to some customers following a major IT incident contained sensitive information on other users.

The high street lender has apologized for the privacy leak, which could fall foul of the GDPR.

Some letters sent out to explain the recent IT snafu reportedly contained a second page with a reference number, name and address of a different customer.

“If I was in any way shady, I could contact them and say that I was from TSB and perhaps trick them into discussing things,” one TSB customer told the BBC. “I have no confidence in TSB at all of controlling their usage of my data and keeping it safe and secure."

In fact, there has been a huge rise in phishing attempts targeting customers of the lender over recent weeks, as fraudsters look to trick users into clicking on links in texts and emails.

A TSB spokesperson acknowledged the privacy error.

“We are working with our third-party supplier to understand the root cause of the error and we'd like to apologize to anyone that may be impacted,” they added.

The original IT problems affected millions of customers, with some reporting that they were able to access the bank accounts of other online users.

It was originally intended that the bank would transfer its underlying IT systems from an old Lloyds Bank platform to a new state-of-the-art in-house IT set-up.

TSB isn’t the only financial institution to have suffered a major IT incident recently. Over the weekend, Visa customers across Europe were hit by a “hardware failure” at the card giant which led to widespread problems using cards.

Around five hours after the initial reports the firm said systems were almost back to normal.

What’s Hot on Infosecurity Magazine?