Lloyds Banking Group Confirms IT Glitch Affected Nearly Half a Million Customers
Lloyds Banking Group has disclosed that a major technology failure impacted close to half a million of its customers, revealing that some users were able to view other peopleās transaction histories and, in certain cases, access sensitive personal information. The admission came in a formal letter addressed to members of Parliament, as the bank responded to questions from the Treasury Select Committee regarding the incident.
The glitch, which occurred on March 12, affected up to 447,936 customers across the groupās three major brands: Lloyds Bank, Halifax, and Bank of Scotland. According to the bankās letter, 114,182 users were able to view transactions belonging to other individuals. In some instances, the exposed data included account details, National Insurance numbers, and payment references, raising significant concerns over customer privacy and data security.
To date, the bank has paid approximately Ā£139,000 ($184,383) in compensation to 3,625 affected customers. These payments were made to address distress and inconvenience caused by the breach, though the bank emphasized that it has not identified any customers who suffered direct financial loss as a result of the incident.
The letter also acknowledged that transaction information belonging to individuals who are not Lloyds Banking Group customers may have been inadvertently visible to others during the outage, further widening the potential scope of the data exposure.
Cause of the Incident and Regulatory Response
Lloyds attributed the failure to a āsoftware defectā that was introduced during an overnight system update. The bank stated that it self-reported the issue to the Financial Conduct Authority (FCA) on the morning of March 12 and notified the Information Commissionerās Office (ICO) within the mandatory 72-hour window required under data protection regulations.
The disruption to the groupās online services prompted immediate scrutiny from the Treasury Committee, whose chair, Dame Meg Hillier, described the event as an āalarming breach of confidentiality.ā Last week, Hillier submitted a series of detailed questions to Lloyds seeking clarity on the scope of the failure, the bankās response, and the measures being implemented to prevent recurrence.
Hillier has now requested that Lloyds provide further updates to the Committee in one month and again in six months to ensure continued oversight and accountability.
Broader Context of Banking IT Outages
The incident adds to a growing pattern of technology failures across the UK banking sector. A report published by the Treasury Committee in March of the previous year found that the countryās nine largest banks experienced at least 33 days of IT outages over a two-year period, underscoring persistent vulnerabilities in the digital infrastructure that underpins modern financial services.
Commenting on the Lloyds incident, Hillier remarked: āModern banking methods mean we can now perform a variety of tasks on our phones in a matter of seconds, and almost anywhere. What this incident brings into focus is the fact that there is a trade-off. By moving more interactions with our bank online, we place our faith in technology which can suffer unpredictable errors. It is critical that consumers understand this, and that is why my Committee continues to push banks to be transparent when things go wrong.ā
Bankās Guidance to Customers and Assurance of Security
In response to the glitch, Jasjyot Singh, Chief Executive Officer for Consumer Relationships at Lloyds Banking Group, urged affected customers to delete any screenshots or shared information they may have inadvertently captured belonging to other users. He also sought to reassure customers that the bankās fraud and cyber monitoring systems had found no evidence of misuse or malicious activity stemming from the incident.
āThere is currently no evidence of misuse or malicious activity as a result of the incident through our fraud and cyber monitoring process,ā Singh said, adding that the bank would continue to closely monitor the situation and provide further updates as necessary.