Nearly half a million customers of Lloyds, Halifax, and Bank of Scotland were inadvertently granted access to the private transactions, payment details, and National Insurance numbers of complete strangers following a severe IT failure.
According to a letter submitted to the Treasury Select Committee by Lloyds Banking Group, the digital breach affected up to 447,936 individuals. Within that group, over 114,000 users actively clicked on and viewed the misdirected financial data that unexpectedly populated their mobile banking apps.
The widespread disruption, which unfolded on March 12, was attributed to a "software defect" introduced during a routine overnight system update.
The sudden appearance of strange financial activity left many users terrified that their life savings had been stolen. One affected customer, Asha, described the panic of seeing unfamiliar, high-value transactions—including an £8,000 car purchase—that appeared to be draining her personal balance. "I genuinely thought someone had cloned my details," she said, adding that the ordeal left her feeling "almost traumatised."
In response to the distress caused by the error, the UK banking giant has begun issuing "goodwill payments." As of late March, the bank had distributed a total of £139,000 among 3,625 customers, averaging approximately £38 per person.
Jasjyot Singh, the bank's consumer relations chief, offered a formal apology to the committee, emphasizing that the defect was quickly patched and investigated. Singh also disclosed an alarming detail: the glitch exposed the information of non-Lloyds customers as well, provided a Lloyds user had previously transferred funds to them.
Dame Meg Hillier, chair of the Treasury Select Committee, emphasized that the fiasco highlights a modern banking dilemma. While mobile apps offer lightning-fast convenience, she noted that consumers are forced to "place our faith in technology which can suffer unpredictable errors." Hillier stressed that this vulnerability demands absolute transparency from financial institutions when their systems fail.
The fallout has predictably drawn the scrutiny of major watchdogs. Both the Financial Conduct Authority (FCA) and the UK's data watchdog, the Information Commissioner's Office (ICO), have confirmed they are actively investigating the incident and engaging with the bank.
Industry experts argue the breach should serve as a wake-up call for the financial sector. Krista Griggs, a director at digital consultancy GFT, warned that an error of this magnitude requires "deeper, structural change rather than surface-level fixes" to maintain long-term consumer trust. Tech analyst Paolo Pescatore echoed the sentiment, pointing out that in the modern era, a simple technical bug can instantly transform into a massive crisis of security and confidence.