Lloyds, Halifax and Bank of Scotland customers hit by system outage
The new year got off to a bad start for Lloyds, Halifax and Bank of Scotland customers, who were unable to gain access to their accounts through the banks’ websites and mobile apps for almost eight hours because of an outage.
Customers took to social media apps from around 4am on New Year’s Day to rail against the outage, particularly because many direct debits are due on Thursday. One customer complained that Lloyds was “taking the ‘bank holiday’ a little too literally”.
All three banks, which are part of Lloyds Banking Group, tweeted to say the services were back to normal at around 1.30pm, after apologising to customers and saying they were working to fix the problems. The failure was not thought to be caused by a cyber-attack but rather down to an internal issue.
“Internet and mobile banking is now back to normal,” the bank said in a statement on 1 January. “We’re sorry that some of our customers had issues with it this morning.”
Lloyds reported the incident to financial regulators and is in dialogue with them. “We are aware of the issue and are in contact with Lloyds to ensure its customers are treated fairly,” says a Financial Conduct Authority (FCA) spokesman.
“While nearly all banks will have a disaster recovery strategy in place, as shown by Lloyds, Halifax and Bank of Scotland, it’s clear that these plans are not enough to ensure banking organisations remain online, regardless,” says Steve Blow, UK systems engineering manager, Zerto.
“Many UK consumers will be familiar with their banks taking ‘scheduled downtime’ during the evening as one of those simple facts of life, but there increasing headlines about the disruption of a cyber-attack or updating error,” adds Blow.
The outage means that despite big banks’ best resolutions — and the ire of politicians and regulators — the trend for IT failures looks set to continue in 2020.
Scrutiny of IT issues at financial firms has increased since a series of high-profile problems at companies including TSB and Visa in 2018. The treasury select committee said in October that there was an “unacceptable” level of IT failures among banks.
The financial sector has been put on notice by the FCA and the Bank of England (BoE) to test scenarios for dealing with system outages and cyber-attacks, with senior executives placed in the line of fire and the threat of higher capital charges for lenders taking insufficient steps.
Blow believes that banks need to transition to a cyber resilient approach, without which they cannot truly be considered an always-on service. His formula for achieving an IT resilience strategy is via preventing as much downtime as possible – while understanding that cyber-attacks are an inevitability – and having robust recovery plans and technology to get back up and running quickly.
“Only with these measures will banks be able to really deliver always-on banking that customers expect. It’s mission-critical to take a more resilient approach to IT,” he adds.
TSB is still being investigated by the FCA and the BoE for its 2018 outage, one of the worst in UK banking history, which led to 2m people being locked out of their accounts.
The FCA reported a 138% increase in technology outages in 2018. The impact of such problems has grown as customers have moved to online and phone banking.
Problems are often blamed on the complex IT systems of high-street banks, which have been built up piecemeal through decades of incremental upgrades and acquisitions. However, several new lenders have also run into difficulties because of third-party suppliers.