The data breach impacted 447,936 customers, with about 114,182 of them clicking into transactions that revealed sensitive details such as account information, national insurance numbers, or payment references. The glitch was caused by a software defect introduced during an overnight IT update to mobile banking apps on March 12. According to a Lloyds spokesman, the issue was quickly identified and resolved, and the bank has contacted customers whose transactions may have been visible for that short time.
Lloyds reported itself to the Financial Conduct Authority on the morning of March 12, and notified the Information Commissioner's Office within 72 hours as required by law. The bank has paid £139,000 to compensate 3,625 customers for distress and inconvenience, and no customers have suffered any financial losses as a result of the IT failure.
There is currently no evidence of misuse or malicious activity as a result of the incident through our fraud and cyber monitoring process.
Jasjyot Singh, Lloyds chief executive of consumer relationships, stated there is currently no evidence of misuse or malicious activity as a result of the incident through the bank's fraud and cyber monitoring process. He added that the bank is asking any customers who may have recorded, taken screenshots, or posted information about other users to delete the information, and will continue to monitor potential fraud closely.
However, it remains unclear how many non-Lloyds customers had their data exposed, what specific software defect caused the glitch, or how long exactly the data was visible to other users. Questions linger about what measures are being taken to prevent similar incidents in the future and whether there will be regulatory fines or investigations beyond the self-reporting, as the bank works to address the fallout from this significant data exposure.
Our priority now is to complete our full analysis, continue to monitor closely, and ensure we learn from this incident.