11 hours ago
10
Liv McMahonTechnology reporter
AFP via Getty Images
Almost half a million Lloyds, Halifax and Bank of Scotland customers saw other people's transactions or had their own data shared in a recent IT issue, the bank has revealed.
In a letter responding to the Treasury Select Committee's enquiries about the incident published on Friday, Lloyds Banking Group said it had affected up to 447,936 customers.
The UK banking giant seems to have compensated only some affected so far - with "goodwill payments" of £139,000 shared between 3,625 customers.
The glitch, which happened on 12 March, left some people "panicked" after seeing payments, charges and national insurance numbers belonging to others in their apps.
Committee chair Dame Meg Hillier said the incident reflected modern banking's trade-off in enabling convenience but also producing "unpredictable errors".
"Modern banking methods mean we can now perform a variety of tasks on our phones in a matter of seconds, and almost anywhere," said Dame Meg.
"What this incident brings into focus is the fact that there is a trade-off."
She said interacting with banks online more means consumers "place our faith in technology which can suffer unpredictable errors" - adding it was important this was made clear to customers.
"That's why my Committee continues to push banks to be transparent when things go wrong," Dame Meg added.
The letter, from Lloyds Banking Group's consumer relations boss Jasjyot Singh, said its findings to date showed 114,182 customers had clicked on other people's transactions when they appeared in their own app interfaces.
It added they may have then been shown "detailed information such as account details, national insurance numbers and payment references".
"Although it was fixed promptly, we are extremely sorry the incident happened and we understand the questions it will have prompted," Singh wrote in the letter published on Friday.
"We have immediately investigated how the incident occurred."
Compensation to some customers
Lloyds said the cause of the issue had been a "software defect" introduced to its systems during an overnight IT change.
According to its letter, some impacted customers may have also seen transaction information related to people who were not customers of any of its banks, such as in instances where payments had been made by a Lloyds Banking Group customer to another bank.
At the time of the incident, one affected user, Asha, said she had panicked after seeing unknown transactions on her app - especially as their figures appeared to match the totals of her back account.
"I assumed I was hacked or a fraud had went on," she told the BBC.
"I genuinely thought someone had cloned my details - one transaction was by someone who bought a car. I thought they'd spent £8,000 of my money."
She added the experience had left her feeling "almost traumatised".
The company said it had paid out £139,000 to around 3,625 customers as of 23 March - an average of £38.34 per person.
It said this was part of its practice of compensating individuals who may have encountered distress or inconvenience amid any issues.
Singh told the Committee that Lloyds would "cooperate fully" with financial regulators including the Financial Conduct Authority (FCA) and the UK's data watchdog, the Information Commissioner's Office (ICO).
The FCA confirmed it was "actively engaging" with Lloyds Banking Group.
"We take events that impact customer accounts and their data seriously and expect firms to ensure customers are not disadvantaged from any disruption to service," it said in a statement.
The ICO said at the time of the glitch that it was "making enquiries" with Lloyds about the matter.
Lloyds Banking Groups says it is the UK's largest retail and commercial banking provider, with 26 million customers.
Krista Griggs, global account director at digital consultancy firm GFT, said the incident highlighted the need for online banks to maintain resilience by "designing systems that uphold customer trust," not just recover quickly.
"When nearly half a million customers are affected by a single update, it exposes the need for deeper, structural change rather than surface-level fixes," she said.
Tech industry analyst Paolo Pescatore added it was a "timely reminder that in digital banking, even a technical glitch can quickly become a security and trust issue".
"It's not just about systems failing; it's about safeguarding customer data, ensuring resilience, and maintaining confidence in the services people now rely on every day."
