A technical malfunction across Lloyds, Halifax, and Bank of Scotland apps caused customers to see strangers' transactions, balances, and personal financial information, raising serious data protection concerns.
A major technical failure across Lloyds Banking Group's mobile applications has exposed sensitive customer data, with users reporting they could see other people's transactions, account balances, and personal financial information. The glitch, which affected Lloyds, Halifax, and Bank of Scotland customers, represents one of the most significant banking app failures in recent UK history.
The incident began early Thursday morning when customers across all three banks reported seeing incorrect transactions appearing in their banking apps. Some users found their own balances had disappeared entirely, while others could see detailed information about strangers' financial activities, including workplace details, salaries, charitable donations, and even child benefit payments.
According to reports from affected customers, the malfunction revealed highly sensitive personal information. Commenters under British personal finance expert Martin Lewis's social media posts reported seeing other customers' full names, postcodes, and state pension details. The exposure of such information raises serious questions about data protection compliance and the security measures in place at one of the UK's largest banking groups.
The nature of the glitch appeared inconsistent across users. Some reported both their balances and transactions were incorrect, while others said their balances remained normal but transactions appeared to be from other accounts. Several users noted that restarting the app multiple times did not resolve the issue, indicating a systemic problem rather than isolated technical errors.
Lloyds Banking Group's response to the crisis has been notably limited. The company's social media teams have been copy-pasting the same brief statement across all three banks' pages: "Hi X, Sorry about this. Some customers are having issues with viewing transactions & balances right now. Bear with us as we fix this." This standardized response has done little to address customer concerns about data security and privacy.
Customer support interactions, screenshots of which were shared with The Register, show that Lloyds acknowledged "how worrying this must be" for affected users. Support staff advised customers to avoid making transactions through the apps until the fault was resolved, while assuring them their accounts remained safe. However, this assurance rings hollow given that customers were actively viewing other people's financial data.
The Information Commissioner's Office (ICO), the UK's data protection watchdog, has acknowledged awareness of the incident and stated it will be making enquiries. This development suggests the glitch may constitute a reportable data breach under UK data protection regulations, which require organizations to notify the ICO within 72 hours of becoming aware of certain types of data breaches.
While the exact number of affected users remains unclear, the widespread nature of complaints across multiple platforms suggests the incident impacted a significant portion of Lloyds Banking Group's customer base. The fact that users could see other customers' full names, addresses, and detailed financial transactions represents a serious breach of confidentiality that goes beyond typical technical glitches.
The incident highlights the vulnerabilities inherent in digital banking systems and raises questions about the robustness of Lloyds Banking Group's infrastructure. For a financial institution handling millions of customers' sensitive data, such a fundamental failure in data segregation is particularly concerning. It suggests either a catastrophic error in the app's architecture or a severe security lapse that allowed customer data to be intermingled.
Customers affected by the glitch have expressed frustration not only with the technical failure but also with the lack of detailed communication from Lloyds Banking Group. Many have taken to social media to share their experiences and seek information about the extent of the problem and what steps are being taken to protect their data.
The timing of this incident is particularly problematic given Lloyds Banking Group's recent focus on digital transformation and app-based banking services. The company has been promoting its mobile banking capabilities as a key part of its strategy, making this high-profile failure especially damaging to its reputation.
As the situation develops, affected customers will likely be watching closely for updates from both Lloyds Banking Group and the ICO. The resolution of this incident and any subsequent regulatory actions could have significant implications for how major banks approach data protection and app security in the future.
This event serves as a stark reminder of the risks associated with digital banking and the critical importance of robust data protection measures. For Lloyds Banking Group, the coming days will be crucial in determining how this incident affects customer trust and whether it leads to meaningful changes in how the bank handles and protects sensitive financial data.
The Register will continue to monitor this developing story and provide updates as more information becomes available about the cause of the glitch, the extent of data exposure, and any regulatory actions that may follow.
Comments
Please log in or register to join the discussion