Data is a hot topic at the moment with GDPR on the horizon. As a society we are becoming more and more aware of what personal data is and how it should be used, shared and collected, as well as how it shouldn’t be exposed, used and shared!
All data is and should be private, so when something happens to our data, we feel violated! So imagine how the victims of the recent TSB data breach must have felt!
TSB have recently been in the news due to a ‘botched’ data system upgrade. The story has taken up much column space as well as creating a real buzz on social media, but not the kind of press you would want to be receiving.
Over the weekend of the 20th–23rd April the online banking system was due to be down for a system changeover due to the new ownership of the financial service. This would have meant that the 5 million customers of TSB wouldn’t have been able to log in to their banking over this period: not great, but not a huge issue. However, problems came to light on Sunday evening after the system had been switched back on, and there was uproar on social media from existing TSB customers.
People were claiming they could see other people’s accounts and account information, and of course if they could see theirs then surely it would work the other way around too?! Not the kind of security you want from your bank. Other people were claiming they couldn’t even see their own accounts or access their money.
TSB claim that the ‘small glitch’ that only ‘affected 2% of their customer base’ was linked to nominated accounts: where individuals were linked to other individuals, they could see each other’s account information.
The online system was yet again turned off for another few hours to fix the ‘glitch’. As small as this may have felt to TSB, as it only affected 2% of their customer base, it must have actually affected far more than this. Confidence in the organization is very likely to suffer, but not only that, it could have an impact on confidence in general data protection and in how organizations of any industry can ensure security.
We understand the possibility and the impact of a data breach, and to ensure we are in the best situation we can be in, we have made sure that we are ISO 27001 registered. The ISO 27001 standard sets out a best-practice approach for an information security management system (ISMS) that can be followed by all organizations.