What happened
A security incident at Lloyds Banking Group exposed transaction data for up to 447,936 mobile banking customers after a faulty software update caused some users to briefly see other people’s account activity in the app. The issue began after an update rolled out at 03:28 on March 12 and was fixed by 08:08 the same day. Lloyds Banking Group said the exposure occurred only when users accessed transaction lists at almost exactly the same time. The potentially exposed information included transaction amounts, dates, payment identifiers, and in some cases more detailed information such as account details, payment references, and potentially National Insurance numbers. The group said account balances were not affected and no unauthorized actions were possible.
Who is affected
The direct exposure affects Lloyds, Halifax, and Bank of Scotland mobile banking customers whose transaction data was briefly shown to other users during the incident. Lloyds Banking Group said 114,182 people clicked into other users’ transactions and may have seen more detailed information. During the incident window, 1.67 million of the group’s 21.5 million mobile users logged in.
Why CISOs should care
This incident matters because it shows how a faulty update in a live banking app can create broad customer data exposure within hours, even without account takeover or unauthorized transactions. It also highlights the operational and reputational risk that follows when digital banking systems briefly expose sensitive transaction information across a large active user base.
3 practical actions
- Tighten release controls for customer-facing systems: Treat software updates to transaction and account-view functions as high-risk changes that require stronger testing and rollback readiness before broad deployment.
- Scope exposure by what users could actually view: Distinguish between users whose data became visible and users who clicked through to more detailed transaction information, since the incident involved both levels of exposure.
- Prepare compensation and response workflows early: Make sure customer remediation plans can move quickly when a digital incident causes distress and inconvenience at scale, even where no financial loss is identified.
