Flux Data Breach?

I recently had an issue with one of my Starling transactions in September where Flux had somehow attached a digital receipt from EAT to a purchase I made at a BP (non-Flux retailer) garage.

Seems a bit of a fluke how I made a transaction for the same amount, date and time as another customer in another retailer.

Not sure who, out of Starling or Flux, caused the issue. Needless to say, I’ve now unlinked my Starling account with Flux as I’m rather wary of how data is matched against each customer transaction.

Has anyone else had this problem?

I queried this with Flux and got the below response:

Thanks so much for being patient while we got to the bottom of this.

In order to generate a Flux receipt, our system takes partial information received from a Flux-enabled retailer and ‘matches’ it to information we receive from a bank about the same transaction.

We’re able to do this because the unique data points sent by both the bank and the retailer allow us to accurately identify individual transactions and piece them together.

But in this case, it looks like your transaction was made at the exact same time as another Flux user, and one of the data points provided for their transaction by Starling matched one of yours. So when we ran our ‘matching’, our system also attached the Flux receipt to your account as well as the other user’s.

This is super rare and the first time we’ve seen it happen. Rest assured that the other recipient of the Flux receipt didn’t see any information about you or your bank - and you weren’t able to see any of theirs either. But this definitely shouldn’t have happened, so we’ve let Starling know and we’ve now put safeguards in place to ensure that this doesn’t happen again.

If you’ve got any questions about this please don’t hesitate to reach out and I’ll be happy to help - our CTO Tom is also happy to have a chat if you’ve got any specific technical questions.

1 Like
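The failure mode described in the Flux response above, as an added example that is not part of the original post and is not Flux's or Starling's code: a matcher that attaches a receipt on partial agreement, next to one that requires every data point to agree and refuses ambiguous results. The thread does not say which data points are used, so the field names (`merchant`, `amount_pence`, `when`, `auth_code`), the 60-second window and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BankTxn:          # hypothetical bank-side record
    account: str
    merchant: str
    amount_pence: int
    when: datetime
    auth_code: str

@dataclass(frozen=True)
class Receipt:          # hypothetical retailer-side record
    merchant: str
    amount_pence: int
    when: datetime
    auth_code: str

WINDOW = timedelta(seconds=60)  # assumed clock-skew tolerance

def weak_match(receipt, txns):
    """Partial match: every account with the same amount and time gets the receipt."""
    return [t.account for t in txns
            if t.amount_pence == receipt.amount_pence
            and abs(t.when - receipt.when) <= WINDOW]

def strict_match(receipt, txns):
    """All data points must agree; anything other than exactly one hit fails closed."""
    hits = [t for t in txns
            if t.merchant == receipt.merchant
            and t.auth_code == receipt.auth_code
            and t.amount_pence == receipt.amount_pence
            and abs(t.when - receipt.when) <= WINDOW]
    # Zero or several candidates: attach nothing and leave it for manual review.
    return hits[0].account if len(hits) == 1 else None

# Constructed sample data: two customers pay the same amount in the same second,
# one at a receipt-enabled retailer and one at a retailer that is not.
T = datetime(2000, 9, 1, 12, 30, 5)
TXNS = [
    BankTxn("acct-A", "EAT", 495, T, "A1B2C3"),
    BankTxn("acct-B", "BP", 495, T, "Z9Y8X7"),
]
RECEIPT = Receipt("EAT", 495, T, "A1B2C3")

if __name__ == "__main__":
    print("weak  :", weak_match(RECEIPT, TXNS))    # receipt lands on both accounts
    print("strict:", strict_match(RECEIPT, TXNS))  # only the EAT customer
```

Returning `None` on an ambiguous match means a customer may occasionally miss a receipt, which is the safer outcome than a receipt appearing on someone else's transaction.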

That sounds like a plausible explanation to me. Not good that it wasn’t found in testing.


Agreed - I think that’s a really good response to the issue.


Sounds like Flux to me. An error with their matching algorithm.

1 Like