Anyone exploiting the loophole would have been able to view a customer’s bank, savings, credit card or loan details online. The flaw was first spotted by MoneySavingExpert, which gave the banks time to fix it before revealing it publicly.
To exploit the flaw, someone would have first needed three pieces of accurate information on one of the bank’s customers – name, date of birth and postal address. This would have allowed them to set up a Halifax or Bank of Scotland savings or current account online.
New customers who set up an account, even if they did not put any money in, would have gained access to it online, assuming they followed the correct instructions.
Once the account was set up and viewable online, Halifax/Bank of Scotland automatically links all products customers have with either bank. Therefore, they can see info on those accounts including account numbers, sort codes, balances, overdraft limits, direct debits and standing orders.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now