Banking, payment, and government services were brought to a standstill due to a major LuxTrust outage on Tuesday, Wednesday, and Thursday. Asked about the disruption to this critical infrastructure, banking association ABBL wanted to make one thing very clear: this was no cyber attack.
“It was really a technical outage. There was no data theft, there was no cyber attack”, emphasised Ananda Kautz from the association in conversation with RTL.
Certain businesses that rely on LuxTrust authentification to carry out their banking were affected by the error, which meant they could not make any payments for 24 hours. Similarly, private individuals who use LuxTrust to access online banking from their smartphones could not access their bank accounts.
But there were other options, said Kautz, such as using facial recognition or fingerprint login. It was also possible to make payments to a recipient so long as it was not the first transaction to that recipient. However, adding new recipients was not possible as it required LuxTrust authentification.
Anyone wanting to shop online was unable to do so during the outage, as this also required authentification. “This was a huge limitation and was recognised as a serious incident for banking activities”, said Kautz.
Whilst it was still possible to visit a bank branch to make a transfer, this often comes with an additional cost.
The outage also had repercussions on municipal work, explained Syvicol president Emile Eicher in conversation with RTL. While the accounting service remained operational, many other services were inaccessible. “We couldn’t produce any certificates, even for the population registry. There were also issues with receipts, this can’t be defended”, he said. There were other providers alongside LuxTrust but it is up to the government to coordinate the matter, Eicher stressed.
Kautz said the association was glad to have a robust and secure solution for administrative and banking aspects. It does not make sense to invest in a second solution for a market the size of the Grand Duchy, the association argues. Providing customers with a second authentification option would not seem realistic.
