back to article TSB meltdown latest: Facepalming reaches critical mass as Brits get strangers' bank letters

TSB customers have reported receiving letters from the British bank containing other people's details in the embattled firm's latest cock-up. The bank went into meltdown at the end of April when a long-planned migration off its former parent Lloyds Banking Group's infrastructure went badly wrong. Customers were unable to …

Silver badge
Trollface

Hi kids

Today we're going to learn to spell GDPR.

47
0
Anonymous Coward

Re: Hi kids

Tomorrows lesson is percentages and we're going to start at 4%

24
0
Silver badge

Re: Hi kids

Tomorrows lesson is percentages and we're going to start at 4%

I wish, you wish. But the limpwrists at the ICO have already said that they're going to go softly softly on enforcement this year, preferring education and improvement. Because those poor, poor businesses have only had two years to prepare themselves. Oh, and another four years since the original GDPR proposal was released.

This is only fair for the destitute and beleaguered financial services sector. Lets face it, if you only had six years to prepare for something (eg a new speed limit), you'd be deserving of special leniency for a year or more after it came into force?

23
1
Anonymous Coward

Re: Hi kids

Interestingly difficult to find up-to-date turnover ("revenue") figures for TSB. Wikipedia's latest numbers are dated 2014. The 2017 annual report rewports "income" of £1,096.1

( https://www.tsb.co.uk/investors/results-reports/ ) ... so a £40m fine, which will lose a few people their bonuses but shouldn't be that big of a deal for any properly capitalised bank. The ICO fine isn't where they're going to feel the pain; it's the FCA and PRA. I've been a tangential witness to the consequences of the FCA's more, er, focused officers getting very interested in an organisation after a spot of operational bother. It was serious brown-trousers (and skirts) time in the C-suite. Folk knowledge and urban myth notwithstanding, people DO lose their jobs, they DO get disbarred from practice, and in some cases they do get personally prosecuted. Not, perhaps, as often as should be - and they could certainly do with a honking great budget and headcount increase, as could other UK regulators - but in screwups this public, where every MP has affected consitituents, and sees an easy, popular target in front of them; and for every ambitious young FCA / PRA whiplasher, this is going to be fish in a barrel time.

I am open to the possibility of having my head up my naive old arse, but let's see how it goes.

10
0
Silver badge

Re: Hi kids

I wish, you wish. But the limpwrists at the ICO have already said that they're going to go softly softly on enforcement this year, preferring education and improvement.

I wonder if ICANN will try to say they are a bank...

10
0
Silver badge

Re: Hi kids

" But the limpwrists at the ICO have already said that they're going to go softly softly on enforcement this year, preferring education and improvement."

I think you will find that blatant incompetence with widespread impact will still result in a large fine. The softly softly is for stuff that's new under GDPR and that might not have been clearly understood or implemented in time.

1
0
Silver badge

Re: Hi kids

Given that the screwed all of this up before the 25th, does GDPR apply at all?

0
1
Silver badge

Re: Hi kids

Tomorrows lesson is percentages and we're going to start at 4%

I've been wondering about that. I mean, lets assume the ICO actually grow a pair and start using their powers.... Surely this is an incentive to restructure every pan-European company into seperate entities? TSB is UK only, so fines would be capped at 4%. Someone like, say Farcebook, is pan-European, so could be fined 4% in each legal jurisdiction, which adds up to rather a lot more.

Obviously, that'd only be relevant, as I said, if the ICO actually started to do their jobs instead of simply existing to protect corporate law breakers from robust legal action.

2
0

Sms Should not be used for 2fa purposes

It should be code generator ( Authenticator app) or the banking app it self

1
0
Anonymous Coward

Well on the plus side for them - its a bank, so no one will be held to account.

35
2
WTF?

Guiness Book Of World's Records

Who is trying to scoop the pool for the most disasters in one gloriously screwed up project?

It must be time to hit both the stop and re-set buttons and try to do something else.

11
0
DJV
Silver badge

Re: Guiness Book Of World's Records

Yes, I hear they are going into the brewery business and are going to attempt to organise a piss-up...

17
0
Silver badge

Re: Guiness Book Of World's Records

At least if they'd managed to delete every customer file, they wouldn't have to worry about data protection.

Don't need to protect the data if you've deleted it all ;)

3
1
DJV
Silver badge
Facepalm

TSB

A Totally Stuffed Bank whose managers appear to be Tiptoeing Silently Backwards, the Terminally Stupid WBankers!

13
0
Silver badge

Not fit for (any) purpose

The buck stops with the CEO and other directors. They should be made personally liable for this mess, and reimbursing every customer. This is now becoming an absurd comedy of errors. The directors need to be punished. They're not running a cinema, or a supermarket, or an email service. This is a bank, and certain standards need to be adhered to. It is absolutely clear that the management of this organisation don't give a shit about their service.

22
0
Silver badge

Re: Not fit for (any) purpose

Oh, they have standards. They're not very high, but they've got them.

They weren't all that clueful back before Lloyds gobbled them up, when they started calling themselves the TSB Bank. So that'll be the Trustee Savings Bank Bank, then?

Resurrected, it seems it's [monkey] business as usual for TSB.

11
0
Silver badge
Mushroom

Re: Not fit for (any) purpose

The buck stops with the CEO and other directors. They should be made personally liable for this mess, [..]

What, like this?

https://www.bankofengland.co.uk/prudential-regulation/key-initiatives/strengthening-accountability

and reimbursing every customer.

If you had the slightest idea what you were talking about, you wouldn't say something so silly. :)

6
0
Anonymous Coward

This may explain why I haven't yet received a letter about my complaint to TSB (which related to a comparatively minor issue of being unable to get online statements).

Surely they can't come back from this?

6
0

This story brought me so much joy and happiness. It’s just too perfect!

Needless to say I’m not a customer.

9
0
Silver badge

Why do they still have customers?

There's data clusterfuck that's still not over, not even a month and a half later.

Scamming still carrying on, possibly due to crappy website security.

Seems like the bank hasn't rolled out extra customer support channels.

The only thing that's going to happen if this is allowed to continue is other banks won't bother either.

10
0
Silver badge

Re: Why do they still have customers?

Because TSB are in such a meltdown that leaving takes weeks.

And in some cases kills the customer - several suppliers with Direct Debits with people who've closed their TSB accounts have been sent letters saying the account holder had died.

That mess is also quite hard to resolve.

7
0
Anonymous Coward

Re: Why do they still have customers?

If you leave now you'll miss out on all the compensation.

6
0
Silver badge

Re: Why do they still have customers?

Keep a quid in the account.

9
0
Silver badge

sql

I was going to say perhaps a schema has changed and the joins don't reference the right columns any more.

Then I thought, Nah I don't have a clue. A professional team could not make that kind of mistake.

Then I thought have they employed a professional team?

I don't know what my colleagues think of my work practices when I spend most of my time looking out of the window. I call it planning.

9
0
Anonymous Coward

Re: sql

“I thought they employed a professional team”

You must have missed the memo. They employed IBM.

18
1
Silver badge
Mushroom

Re: "Terminally Stupid Bankers"

Taking Security Backwards with a Technical Screwup Blitzkrieg.

Soon to be a Totally Suspended Bank, hopefully.

9
0
Silver badge

I've only just got access to my business accounts today!

Seven weeks. A day's worth of sitting on hold and a full day in branch to get this resolved.

I'm going back tomorrow to get compensation sorted.

9
0
Silver badge

In your situation I would be going back tommorrow to close the accounts....

<<<waiting for the banks he has money in to go TITSUP

7
0
Silver badge

Well I've been with them since the 90's and this is only the second time I've had to make a complaint so I'm not going to have a knee jerk reaction and close the accounts (an action that would require some effort on my part) and move to a bank that might be worse.

1
0
Anonymous Coward

... and Crapita

Just received a letter from Crapita to somebody who has never, ever, lived here.

Better half used to work for Crapita.

Crapita (Hartshead subsidiary) were anxious to explain how GDPR might affect this person and how they used personal data in relation to the pension fund.

Perhaps they out-sourced the out-source to the same people?

12
0
Silver badge

Re: ... and Crapita

In a way, I'm almost disappointed TSB made such a thorough job of spraying themselves in ketchup and BBQ sauce and jumping up and down in front of the metaphorical ICO dragon shouting "Me! Me! I taste delicious!! Come on, then you tosser, come and have a go if you think you're flamey enough!!" Not to worry.... there's a long tail of other fun test cases and precedents to litigate, no doubt it'll still be getting fought out well in to the 2020s. If anyone can afford lawyers after Brexit.

12
0

Re: ... and Crapita

Sorry, are you admitting to opening post not addressed to you? You know you're not meant to do that, right?

Blot out the address (not technically required but sometimes the helpful posties will attempt to redeliver if the address is still visible), scrawl "not know at this address" on the envelope, stick it back in a post box.

3
0

Re: ... and Crapita

Nat West tried this line with me when I opened letters for the last owners of my house. I opened the letters because I did not want the bailifs turning up on my doorstep trying to recover their debts.

As I'd already informed NatWest that the people they wanted did not live at my house I managed to wring an admin fee out of them.

4
0

Re: ... and Crapita

If I'm getting letters delivered to my address but to people I've never heard of your damn right I'm opening them.

When the oh so charming bailiffs turn up trying to enforce a writ I want some advance warning.

Been there done that.

In my experience they’re not that bothered about mistaken identity either, my girlfriend (now wife) had two goons turn up to try and collect on a debt for a woman with a different first name, birthday and address to her (woman at one stage lived about 20 doors away) from an organisation she had no links with whatsoever.

I would add these two were at the more budget end of the debt collection spectrum rather than the more pucker one’s you might’ve seen on TV.

3
0

My guess is that it is a physical device problem: letter folder taking two sheets at a time instead of one.

6
0
Silver badge

weight

That is why you should measure the weight of the letters.

6
0
Silver badge

"It's a bank in absolute meltdown – they've totally lost all grip of how to respond to customers."

That right there is the biggest mistake.. Since when did banks care one whit about their customers?

8
0

Has anybody tried...

...switching the bank off, then switching it on again?

22
0
Silver badge

Re: Has anybody tried...

"Has anybody tried switching the bank off, then switching it on again?"

They switched it off at least.

4
0

Enough blame to go around.

In the case of the SIM fraud, they should be suing the network provider as well as the bank.

15
0

Re: Enough blame to go around.

Correct. SIM swap fraud is far from a new thing, and if a phone company doesn't authenticate its customers correctly then it's a very easy thing to do.

6
0
Anonymous Coward

Ha, admittedly it is fun until someone looses an eye

Do not think for one second that any of the other banks are more competent, they just have more experience at hiding their cockups.

Given that Banking is the last major industry in the UK and with the sale of the last of the country's gold by G Brown resulting in GBP being is based soley upon GDP then you would imagine that something would be done about having a GDP once banking falls over for good.

Perhaps if we all leave the UK, become EU citizens after BREXIT and then come back as immigrants then we can finally have an intelligent say in how the country is run.

9
2
Anonymous Coward

Typical Spanish Bank?

Ola adiós

0
0

SMS is not a secure method of delivery for 2 Factor authentication....most people in IT have known this for at least 3 years now - SIM swapping is just too easy.

How in holy hell a bank is allowed to continue to use this method is beyond me...

It's really not that hard to implement either Google authenticator or something like symantec VIP

11
0
Silver badge

Or a card reader where you show you have the card and know the PIN but don't input it on either a computer or a mobile app.

6
0

"....most people in IT have known this for at least 3 years now"

Three years?! If they are in their early 20s maybe but the rest of us knew this after thinking about the process for about 30 seconds.

6
0
Anonymous Coward

TSB

Treating

Scammers

Better

1
0

Interestingly, one of the things mentioned is getting much more common. It is incredibly easy to have your phone hijacked. PAC codes are almost completely insecure. Happened to me.

4
0
Silver badge

How close are the BoE to pulling the plug?

3
0
Bronze badge

I'm going back tomorrow to get compensation sorted.

I think "the best offer" you'll get is a free lifetime coffee/tea or £100 (whichever is lower).

But the limpwrists at the ICO have already said that they're going to go softly softly on enforcement this year, preferring education and improvement.

The Australian Competition and Consumer Commission is mandated to be champion for consumer law. The recent Australian Royal Commission on the banks have lifted a lid about how the ACCC works. One of the things mentioned is that the ACCC is (mostly) staffed by bank employees in secondment to the ACCC. These people help the Australian banks getting away with some of the dodgiest banking practice we've ever seen. This is also one of the biggest reasons why the ACCC is reluctant to go after the big four banks in Australia and instead, it goes after the small banks & business (like a bully).

Since Australian systems are basically a copy of the British system, maybe they have the same sort of practice (hence the "softly, softly" approach)?

4
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018