Almost half a million Lloyds customers had personal data exposed in IT glitch

Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed.A letter from Lloyds, published by MPs on the Treasury select committee on Friday, blamed the glitch on a software defect introduced during an IT update to its Lloyds, Halifax and Bank of Scotland mobile banking apps overnight into 12 March.The bank explained that customers would have had to be looking at their app within “small fractions of a second” of other users in order to access their details.However, it still meant up to 447,936 customers were potentially able to view private information of other users, with Lloyds adding that about 114,182 people ended up clicking into transactions that revealed account details, national insurance numbers or payment references.Even people who were not Lloyds Banking Group customers may have had their transaction details exposed, the bank said.The bank said it reported itself to the City regulator, the Financial Conduct Authority, on the morning of 12 March, and notified the Information Commissioner’s Office within the 72 hours as required.Jasjyot Singh, the Lloyds chief executive of consumer relationships, said the bank is now asking any customers who may have recorded, taken screenshots or posted information about other users to delete the information. “There is currently no evidence of misuse or malicious activity as a result of the incident through our fraud and cyber monitoring process,” Singh said. However, he assured the bank “will continue to monitor [potential fraud] closely”.Lloyds has so far paid £139,000 to compensate 3,625 customers for distress and inconvenience. However, it said no customers have suffered any financial losses as a result of the IT failure.The IT glitch is the latest to throw up questions about customer protections at a time when banks are continuing to close branches and push more users into digital banking and payments. It comes as long-established UK financial institutions such as Lloyds rush to compete with the boom in online-only banks ranging from digital challengers such as Monzo and Revolut to the British arms of foreign rivals, including JP Morgan’s Chase UK.The number of UK bank branches fell sharply from roughly 10,565 to 6,870 in the decade to 2024, according to the Office for National Statistics.Commenting on Lloyds’ letter, Meg Hillier, the Treasury committee chair and Labour MP, said: “Modern banking methods mean we can now perform a variety of tasks on our phones in a matter of seconds, and almost anywhere. What this incident brings into focus is the fact that there is a trade-off. By moving more interactions with our bank online, we place our faith in technology which can suffer unpredictable errors. It’s critical that consumers understand this.”Singh said: “Our priority now is to complete our full analysis, continue to engage with our customers, and ensure that we address our responsibilities towards them in full. We will also seek to learn any lessons and update our processes as a result of this incident.”Lloyds will provide further updates to the committee about the fallout from the IT glitch, in April and September.