A data incident at Lloyds Banking Group exposed transaction details for nearly 450,000 mobile banking users after a faulty software update rolled out on 12 March.
According to the UK’s Treasury Committee, up to 447,936 Lloyds, Halifax and Bank of Scotland customers saw other people’s transactions or had their data shared with other users during the glitch, with 114,182 people clicking on other people’s transactions and potentially being shown more detailed information such as account details and national insurance numbers.
The update, which began at 03:28 and was fixed by 08:08, did not affect balances or enable unauthorized actions, though some exposed transactions involved payments to non-Lloyds customers. Lloyds said the incident resulted in 1.67 million of 21.5 million mobile users logging in during the period, and compensation totalling £139,000 was paid to 3,625 customers for distress and inconvenience.
The information disclosed could include amounts, dates, payment identifiers and possibly National Insurance numbers, but the data alone was not sufficient to commit fraud.