Lloyds Banking Group exposed personal data of up to 447,936 customers during an IT glitch on March 12. The glitch allowed users to see other customers' transactions, including account details and national insurance numbers. Britain's Treasury Committee disclosed the breach on Friday. The bank paid £139,000 in compensation to 3,625 customers for distress and inconvenience. No customers have suffered financial loss so far according to a letter from Lloyds published by the committee. The glitch affected customers at Lloyds, Halifax, and Bank of Scotland. 114,182 people clicked on transactions that revealed other users' personal information.
Customers saw payments and charges on their apps that belonged to other people. One customer told the BBC "I genuinely thought someone had cloned my details. One transaction was by someone who bought a car. I thought they'd spent £8,000 of my money." Lloyds said a software defect during an overnight update caused the breach. Jasjyot Singh, chief executive of consumer relationships at Lloyds Banking Group, said the bank is asking customers who may have recorded, screenshotted, or shared information about other users to delete it. "There is currently no evidence of misuse or malicious activity as a result of the incident through our fraud and cyber monitoring process," he said. The bank will continue monitoring for potential fraud.
Britain's Treasury Committee requested further explanation from Lloyds regarding the cause of the glitch. Lloyds must provide updates to the committee within one month and after six months. Lloyds Banking Group serves 26 million customers, making it the UK's largest provider of retail and commercial banking services. The bank is asking customers to delete screenshots and recordings of other people's financial data they saw during the glitch. This request assumes customers will voluntarily destroy evidence of the bank's failure. There is no mechanism to verify compliance. There is no penalty for keeping the data. The bank exposed 447,936 customers' account details and national insurance numbers then asked nicely for people to delete what they saw.
114,182 people clicked on transactions that revealed other users' personal information. Those people now have account details and national insurance numbers for strangers. Lloyds claims there is no evidence of misuse through their fraud and cyber monitoring process. The same monitoring process that failed to prevent a software update from exposing nearly half a million customers' data to each other. The bank paid £139,000 in compensation to 3,625 customers. This averages £38 per compensated customer. The bank exposed personal data for 447,936 customers but only compensated 3,625. The compensation covers distress and inconvenience, not the permanent exposure of account details and national insurance numbers that cannot be changed.
A software defect during an overnight update exposed the data. The UK's largest retail and commercial banking services provider deployed a software update that allowed customers to see other customers' transactions without detecting the problem before rollout. The glitch lasted long enough for 114,182 people to click on transactions revealing other users' information. Lloyds serves 26 million customers. The bank slashed physical branch networks to cut costs and shifted customers online. The digital banking infrastructure that replaced physical branches exposed 447,936 customers' personal data in a single software update. The bank cannot reverse the exposure. The bank cannot guarantee customers deleted screenshots. The bank cannot change the exposed national insurance numbers.
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
Keep learning
FAQ
What happened in the Lloyds glitch?
A software defect during an overnight update on March 12 allowed customers to see other customers' transactions, including account details and national insurance numbers. 114,182 people clicked on transactions that revealed other users' personal information.
How many customers were affected?
Up to 447,936 customers had their personal data exposed. The glitch affected customers at Lloyds, Halifax, and Bank of Scotland. 114,182 people clicked on transactions revealing other users' information.
What compensation did Lloyds pay?
Lloyds paid £139,000 in compensation to 3,625 customers for distress and inconvenience. This averages £38 per compensated customer. The bank exposed 447,936 customers but only compensated 3,625.
What is Lloyds asking customers to do?
Lloyds is asking customers who may have recorded, screenshotted, or shared information about other users to delete it. There is no mechanism to verify compliance and no penalty for keeping the data.
Can the exposed data be changed?
No. Account details and national insurance numbers that were exposed cannot be changed. The bank cannot reverse the exposure or guarantee customers deleted screenshots of the data they saw.