Lloyds Data Security Incident Exposes Transactions of Users

Source: SecurityWeek
Tags: Lloyds Banking Group, data exposure, mobile banking, software update, transaction details

Basically, a software glitch at Lloyds showed some users' bank transactions to others.

Quick Summary

Lloyds Banking Group faced a data security incident affecting 450,000 mobile banking users. A faulty software update exposed transaction details, raising serious concerns. The bank has since resolved the issue and is compensating affected customers.

What Happened

On March 12, 2026, Lloyds Banking Group experienced a significant data security incident affecting approximately 450,000 of its mobile banking users. A faulty software update led to the unintended exposure of transaction details from users’ current accounts to other users of the application. This exposure occurred only when users accessed their transaction lists simultaneously, creating a narrow window for potential data visibility.

Lloyds reported that the issue was identified and resolved within hours: the update was rolled out at 03:28 and the problem was fixed by 08:08. The banking giant assured that the problem has not recurred since then, but the implications of such incidents can linger in the minds of customers.

Who's Affected

Out of 21.5 million mobile banking users, 1.67 million logged in during the incident window. However, only 447,936 customers were affected, meaning their transactions were exposed or visible to others. A subset of these users, about 114,182, clicked through to view the details of individual transactions, increasing the risk of exposure.

The types of data that were potentially exposed varied. Users could see transaction amounts, dates, and payment identifiers, which might include sensitive information like National Insurance numbers. In some instances, the transactions visible could relate to individuals who do not bank with Lloyds, adding another layer of complexity to the incident.

What Data Was Exposed

The data exposure included various details, such as:

  • Transaction amounts and dates
  • Payment identifiers that might include sensitive information
  • Sort codes and account numbers for individual transactions
  • National Insurance numbers and vehicle registration numbers in some cases

Lloyds emphasized that while users could view others’ data momentarily, the information alone was insufficient for carrying out fraudulent activities. They also reassured customers that account balances were not affected and unauthorized actions could not be performed on anyone else's account.

What You Should Do

If you are a Lloyds mobile banking user, it is essential to stay informed. Here are a few steps to consider:

  • Monitor your account for any unusual activity.
  • Change your password and enable two-factor authentication if you haven't already.
  • Stay updated on communications from Lloyds regarding this incident and any further security measures they may implement.

Lloyds has taken steps to rectify the situation by informing affected customers through social media and offering goodwill payments to those impacted. Approximately £139,000 (~$183,600) was paid to around 3,625 customers as compensation for distress and inconvenience, reflecting the bank's commitment to maintaining customer trust.

🔒 Pro insight: This incident underscores the critical need for rigorous testing of software updates in banking applications to prevent data exposure.

Original article from SecurityWeek · Ionut Arghire
