LLOYDS Banking Group has disclosed a data security incident that affected close to 450,000 mobile banking users. The incident, which occurred on 12 March, stemmed from a faulty software update that exposed transaction details from some customers’ current accounts to other users. According to the UK’s Treasury Committee, the exposure only occurred when users accessed their transaction lists within small fractions of a second of another person doing the same.
Lloyds said the glitched update was rolled out at 03:28 and the issue was resolved at 08:08, with balances not being affected and unauthorised money movements not possible. The data visible could include amounts, dates, payment identifiers, and in some cases National Insurance numbers or vehicle registration numbers, depending on user actions.
The bank noted that about 1.67 million of its 21.5 million mobile banking users logged in during the incident window, with a maximum 114,182 customers potentially viewing the details behind individual transactions, and it paid roughly £139,000 in goodwill to around 3,625 customers.