Breaches | Mar 28, 2026

Lloyds Group to Compensate 450,000 Customers After App Glitch

Lloyds Banking Group compensates 450,000 customers after mobile app glitch exposed financial data.

Summary

Lloyds Banking Group experienced a significant data exposure on March 12, 2026, affecting nearly 450,000 customers across Lloyds, Halifax, and Bank of Scotland after a software defect in a routine mobile app update broke privacy barriers between accounts. Over 114,000 users accessed sensitive information including National Insurance numbers and payment references; the bank has paid £139,000 in compensation to 3,625 customers so far. The incident is being investigated by the Financial Conduct Authority and Information Commissioner's Office, highlighting the risks of application-layer access control failures in financial services.

Full text

By Deeba Ahmed, March 28, 2026

Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected Lloyds, Halifax and Bank of Scotland users and what the group is doing next.

Lloyds Banking Group has begun paying out compensation to thousands of people after a significant technical failure exposed private financial information. The incident, which took place on 12 March, affected nearly 450,000 customers across the group’s three main brands: Lloyds, Halifax, and the Bank of Scotland.

What Happened During the Glitch?

Lloyds blamed the chaos on a software defect introduced during a routine overnight update to the bank’s mobile apps. As per media reports, due to this error, the privacy barriers between different accounts failed for several hours. As a result, 447,936 customers either had their own data shared or were able to see transactions belonging to strangers.

Furthermore, over 114,000 users actually clicked on these rogue transactions. In doing so, they may have seen highly sensitive details, including National Insurance numbers, payment references, and specific account information. It is worth noting that the glitch even exposed the data of people who do not bank with the Lloyds group, particularly if they had recently exchanged money with one of the group’s customers.

Impact on Customers

The human cost of this error was substantial. For many, the damage was already done the moment they opened their apps. Some users reported feeling “traumatised” after logging in to find unfamiliar spending on their screens. One customer told the BBC she panicked after seeing an £8,000 car purchase, fearing her identity had been stolen. While the bank says no customers have suffered financial losses so far, the breach caused widespread alarm.

Jasjyot Singh, consumer relations head at Lloyds, issued a formal apology to the Treasury Select Committee. So far, the bank has paid £139,000 in goodwill compensation to 3,625 customers for the distress and inconvenience they faced.

The Price of Modern Convenience

Dame Meg Hillier, Chair of the Treasury Committee, noted that while we love the ease of banking on our phones, this event shows there is a clear trade-off. Moving our financial lives online means placing a lot of faith in technology that can suffer unpredictable errors.

As per the latest updates, Lloyds is now working with the Financial Conduct Authority and the Information Commissioner’s Office to ensure such a leak does not happen again. This incident highlights the need for banks to build more reliable systems rather than just fixing problems after they occur.

Chris Radkowski, GRC Expert at Pathlock, a Denver-based security provider, shared his thoughts on the matter with hackread.com. He explained that the Lloyds incident is a clear example that you don’t need a hacker for data to be exposed; a single software defect was enough to break the boundaries between half a million accounts.

“The Lloyds incident is a powerful illustration that data exposure doesn’t require an attacker; a single API defect was enough to break the boundaries between nearly half a million customer accounts. Authentication was working perfectly; what failed was application-layer access control. That distinction matters. Financial institutions cannot afford to treat data isolation as a deployment checkbox. Continuous monitoring of who can access what and immediate detection when those boundaries break is now table stakes for any bank operating at digital scale.”

Deeba Ahmed

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.