Lloyds TSB bank clerks accused of installing hardware device to help them steal £2 million

Lloyds TSBThree Lloyds TSB employees have been accused of conspiring to steal over £2 million from bank accounts, after allegedly installing a hardware device to steal passwords from the banking group.

According to British media reports, the Old Bailey has heard that Halifax branches in Slough, Newbury and Camden were targeted in the alleged conspiracy between July to September 2012.

In those Halifax branches, part of the Lloyds banking group, a device was allegedly installed on an internal account workstation, stealing credentials with the intention of making fraudulent transfers.

Prosecutor James Thacker explained to the court that the “USB mouse, keyboard and mass storage” device gave the alleged fraudsters remote access to workstations, via the internet.

“The device allowed remote access into the secure banking systems that led to fraudulent transfers being made by the criminal group, causing significant loss to the bank.”

“Although over £2m was intended to be obtained, the loss to the bank was just over £440,000.”

The court heard that in August 2012, a branch manager at Halifax in Slough became aware of a suspicious transaction into a customer’s account of £50,000.

“All the transfers had taken place that day between 5.59am and 7.15am – a time when the branch was closed.”

I haven’t heard any evidence other than that covered by the media, but the allegation sounds similar to attacks reportedly perpetrated against Barclays, and prevented at Santander, last year.

In the Barclays case, a gang member – posing as an IT technician – walked into a bank branch and connected the device to a computer, hoping that staff would believe he was there for legitimate reasons.

The device, a KVM (“Keyboard video mouse”) switch attached to a 3G router, allowed the hackers to record staff keypresses, and screen activity, helping them to steal password information. The criminal group then allegedly used the information to remotely transfer money to other accounts.

Dean Outram, 34, was convicted for his part in that plot earlier this year.

Sign up to our free newsletter.
Security news, advice, and tips.

The three men currently standing trial at the Old Bailey in London are Tai Hulbert-Thomas, 27, of Oxford, Neil Bautista, aged 22, from Maidenhead, and 30-year-old Mawli Thurairajah of Harrow.

All three deny the charges against them, and the trial continues.

What happened or didn’t happen in this particular case is a matter for the courts to decide, but there’s clearly a need for organisations to keep a close eye not just on the threat posed by external hackers but also the insider threat of rogue employees.


In March 2015, the media reported that the cases against Hulbert-Thomas, Neil Bautista, Mawli Thurairajah, and another man (Joe Mariathas, 22, of East Ham, London), had been dismissed.

A spokesman for the Old Bailey said: “The prosecution offered no evidence and the case was dismissed.”

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.