Case Study: Starling Bank achieves stronger protection of customers' funds and scalable security with HackerOne

Starling Bank Protects Customers’ Funds with Hacker-Powered Security

Starling Bank is a digital-only challenger bank serving millions of customers that prioritizes protecting customer funds and PII. Facing an evolving attack surface, the bank needed more security resources and flexible testing beyond traditional pentests—along with streamlined remediation, 24/7 triage, GDPR-compliant processes, and representative demo environments—to scale its security program and validate vulnerabilities more effectively.

Starling partnered with HackerOne for a layered approach—implementing a public Vulnerability Disclosure Program, a private bug bounty in pre-production demo environments, and HackerOne Triage and Advisory services. The global researcher community uncovered niche and OWASP-class issues, prompting Starling to build automated tooling and integrate findings into its development pipeline. The result: faster, higher-quality remediation, better visibility and prevention of recurring issues, and scalable, around-the-clock coverage that strengthened protection for customers’ funds and data.

Starling Bank

Mark Rampton

Head of Cyber Security