Category: The Authorities

TSB Fined

If you are or were a TSB client then you will remember the meltdown of their computer systems back in 2018.

TSB tried to move their computer systems from their own to those of Sabadell which bought TSB in 2015.

Whether it was lack of testing or bad management or unrealistic expectations or just plain incompetence, the result was millions of their customers couldn’t access their money, direct debits failed leading to penalty costs on their customers and more.

It was the lead story on the news for days as many people had their lives turned upside down by the sudden shutdown of their accounts.

The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) concluded that TSB failed to organise and control the programme of work and failed to manage the operational risks of the software migration.

The FCA fined TSB £29.8 million and PRA sanctioned TSB for £18.9 million, adding to the £32.7 million it cost TSB to set right damage to their customers accounts.

We rely so much nowadays on computer systems and their information and its up to all organisations to protect their customers data and access.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Who Do People Contact Over Scams

I assume that many people when scammed contact the Police and probably talk with family, friends and neighbours in order to warn them.

However a legal web site surveyed people on this and the results are a little surprising.

This is a very small scale survey but is interesting.

On a larger scale, people tend to call the Police if there is an immediate situation or their bank or credit card company or similar or all of them. If the scam is finished then they are more likely to report it online to Action Fraud at or by calling 0300 123 2040

Action Fraud do record the reports and can instruct Police to take action in certain cases but otherwise they do little to help.

If you want your money back from a scammer – then a specialist recovery service will generally have better results than officialdom. Even so the chances of getting any money back is slim.

Fightback Ninja Signature

Spoofing Website Closed

The website sold a subscription service to criminals.

The service allowed the scammers to make their phone calls appear as if from a number set by the scammer.

For example, you get a call from British Gas asking for a late payment and when you check – the caller’s number appears to be one of the British Gas authorised numbers.

But it’s been faked.

This is called spoofing.

Fifty nine thousand criminals signed up for the service (costing up to £5,000) and it is estimated they have conned around 200,000 people with help from the website.

Scotland Yard, the FBI and European law enforcement agencies teamed up to investigate.

The suspected mastermind behind the website is Teejay Fletcher and he is in custody, awaiting trial.

The victims were largely in the UK and America but some across Europe and Australia.

The website has been shutdown and the service stopped and in time those responsible will be sentenced for their crimes.

However, more and more of these operations need cooperation from law enforcement across multiple countries as the Internet respects no boundaries and certainly the criminals don’t.

Fightback Ninja Signature

Australians Scammed out of $2 Billion

Australians lost a record amount of more than $2 billion to scams in 2021, despite government, law enforcement, and the private sector disrupting more scam activity than ever before.

This is based on a report including more than 560,000 events and takes data from Scamwatch, ReportCyber, major banks and money remitters, and other government agencies in Australia.

The highest losses were from:

  • Investment scams ($701 million)
  • payment redirection scams ($227 million)
  • romance scams ($142 million).

People aged 65 and over reported the highest losses, and reported losses steadily increased with age.

The ACCC is particularly wanting banks to match payee information in pay anyone transactions. This has been shown to have a real impact in countries that have done so, including the UK.

In 2021, the telecommunications sector’s new Reducing Scam Calls Industry Code resulted in more than 357 million scam calls being blocked.

People in Australia who detect a scam, whether or not they have lost money to it, can report scams and learn more about how to get help on the Scamwatch website at

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Caribbean Resort Fraudster Jailed

David Ames has been jailed for 12 years.

His speciality scam was with the front company Harlequin Group which used celebrity endorsements and aggressive sales tactics to con 8,000 investors out of £226 million.

He secured the backing of tennis star Pat Cash, golfer Gary Player and others and of course they had no idea it was all a scam.

His company had 186 accommodation units to sell, such as beach cabanas, villas and hotel rooms.

But he sold each an average of 40 times over – a total of 8,200 sales.  Those extra sales of non existent properties and hotel rooms were his profits.  It could be called a Ponzi scheme.

The customers of course got nothing and it was only a matter of time before he was caught and convicted.

He was sentenced to 12 years in jail.

That is little comfort to the many people who lost tens of thousands or even hundreds of thousands of pounds. In many cases that was their life savings, put down expecting a retirement home but instead being conned out of everything.

Some ‘lucky’ losers may get as much as 2% of their capital back.

Be very careful who you invest with and place your trust in celebrity endorsements- they are paid advertisers.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

How to Report a Data Breach to the Information Commissioner

Not all organisation data breaches need to be reported to the Information Commissioner’s Office (ICO).

ICO do recommend that any serious breach is reported to them, but it isn’t mandatory and ‘serious breaches’ are not defined. However, the following should assist data controllers in considering whether breaches should be reported:

  1. The potential detriment to individuals is the overriding consideration in deciding whether a breach of data security should be reported to the ICO. Detriment includes emotional distress as well as both physical and financial damage.

Ways in which detriment can occur include:

  1. exposure to identity theft through the release of non-public identifiers, eg passport number
  2. information about the private aspects of a person’s life becoming known to others, eg financial circumstances

The extent of detriment likely to occur is dependent on both the volume of personal data involved and the sensitivity of the data where there is significant actual or potential detriment as a result of the breach.

Where there is little risk that individuals would suffer significant detriment, for example because a stolen laptop is properly encrypted or the information that is the subject of the breach is publicly-available information, there is no need to report.

  1. The volume of personal data lost / released / corrupted: There should be a presumption to report to the ICO where a large volume of personal data is concerned and there is a real risk of individuals suffering some harm.
  2. The sensitivity of the data lost / released / corrupted:

How to Report a Breach

Serious breaches should be reported to the ICO using the DPA security breach helpline on 0303 123 1113 (open Monday to Friday, 9am to 5pm). Select option 3 to speak to staff that will record the breach and give you advice about what to do next or report in writing using the  DPA security breach notification form, which should be sent to the email address [email protected] or by post to the office address at:- Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

When a breach is reported, the nature and seriousness of the breach and the adequacy of any remedial action taken will be assessed and a course of action determined.

ICO may:

  • Record the breach and take no further action, or  Investigate the circumstances of the breach and any
  • remedial action, which could lead to further action;
  • Set a requirement on the data controller to undertake a course of action to prevent further breaches;
  • Start formal enforcement action which could lead to a fine of up to £500,000

For further information see

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature