A software defect from an overnight IT update caused a technical glitch at Lloyds Banking Group that allowed some customers to view other people's account details, according to multiple reports. The incident occurred on the morning of Thursday, March 12, according to the same sources. Customers of Lloyds Bank, Halifax, and Bank of Scotland were affected by the vulnerability, which exposed sensitive financial information to unauthorized viewers.
Up to 447,936 customers across Lloyds Banking Group brands may have been affected by the glitch, according to multiple reports. Of these, up to 114,182 customers clicked through to view detail behind individual current account transactions and may have been presented with information about individual payments, according to Jasjyot Singh, CEO of Consumer Relationships at Lloyds Banking Group. The bank has not identified evidence that customers have suffered financial loss from the glitch, according to Singh's statement.
Lloyds made goodwill payments totalling just over £139,000 to some 3,625 customers as of March 23, averaging around £40, according to multiple reports. Affected customers were offered payments of £25, £40, or £50 after reaching out to their bank, according to the same sources. From March 24, all customers who may have viewed other people's transactions or had their transactions incorrectly seen by others will be alerted in their app, according to Lloyds.
Lloyds Banking Group has begun an internal review to understand the root cause and prevent a recurrence, according to research sources. The bank acknowledged the incident in multiple statements, with one noting that customers may have briefly seen transactions that weren't theirs due to an internal IT change, according to the bank. Another statement from the banking group said the issue was quickly resolved and they're looking into what happened, according to the same source.
Lloyds Banking Group is facing questions from the Treasury Committee after customers reported being able to see other people's transactions in their banking app, according to multiple reports. Treasury Committee chairwoman Dame Meg Hillier wrote to Lloyds requesting information on the number of affected customers, expected compensation payouts, and the nature of the information which became visible, according to the same sources. The Financial Conduct Authority (FCA) was in contact with Lloyds to understand what happened and how it was being resolved, according to multiple reports.
On 12 March, a limited number of customers using our app may have briefly seen transactions that weren't theirs due to an internal IT change.
An FCA spokesperson stated that the regulator expects firms to protect customer data and be able to respond to and quickly recover from disruptions, according to the regulator. The Information Commissioner's Office has confirmed it is making enquiries about the incident, according to the privacy regulator.
A separate technical issue at NatWest caused delays in money transfers between current accounts and pots, according to multiple reports. The NatWest issue has impacted hundreds of people, according to the same sources. NatWest apologized and said the problem has been caused by a delay with transfers, no one has lost any money, and balances will be updated shortly, according to the bank.
Other brands in the NatWest group, Royal Bank of Scotland (RBS) and Ulster Bank, have not been affected by the transfer delay, according to multiple reports. The exact number of NatWest customers affected by the transfer delay issue remains unclear, as does the specific technical cause of the problem.
In related developments, Lloyds Bank clarified a discrepancy where account names can look different temporarily between online banking and the app due to separate updates, but nothing has changed with the accounts themselves, according to the bank. Lloyds Bank is offering cash incentives for switching to certain accounts, such as £200 for Club Lloyds accounts or £500 for a Premier account, according to multiple reports.
In legal context, Comsure is applying for exemptions in UK copyright law to use copyrighted works of others for purposes such as non-commercial research, criticism, review, and reporting of current events, according to research sources. Comsure acknowledges the work of source authors by providing links to the source material and claims no ownership of non-Comsure content, according to the same sources.
We’re sorry that some customers experienced an issue viewing transactions in the app for a short time this morning. The issue was quickly resolved and we’re looking into what happened.
Several key unknowns remain about the Lloyds incident, including what specific personal data, beyond transactions and national insurance numbers, was exposed to customers during the glitch. The bank has not disclosed how many customers have reported financial losses or fraud attempts as a direct result of the data exposure. Additionally, the root cause of the software defect in the Lloyds IT update remains under investigation, and what measures are being implemented to prevent recurrence has not been detailed publicly.
Regulatory consequences also remain uncertain, including what penalties or actions Lloyds Banking Group might face from authorities like the FCA or Information Commissioner's Office. The duration of the incident shows conflicting reports, with some sources indicating the issue appeared between roughly 07:00 and 09:00 GMT, while other reports suggest different timing. This variation in reported timing could affect understanding of how long the vulnerability was active and the bank's response time.
Customer experiences varied regarding the nature of information exposed. According to reports, some customers described being able to see accounts of multiple users, including some National Insurance numbers, over a period of time. Other customers reported seeing account numbers, balances, and transactions, suggesting different sources have varying details on the sensitivity of the data exposed.
According to reports, some customers described seeing numerous transactions they didn't recognise, including large payments. Other customers reported feeling panicked after seeing unrecognisable payments in their app. Financial experts expressed concern about the incident's implications, with some describing it as a breach of data privacy and noting it was unusual at this scale for a bank.
According to reports, some experts advised that customers should never continue a phone conversation if contacted directly by a bank, but hang up and call back using the official number. The incident highlights broader concerns about banking technology resilience as financial institutions increasingly rely on digital platforms.