188/69 Thursday, April 2, 2026
Lloyds Banking Group has disclosed a data security incident caused by a faulty software update on March 12, which led to the exposure of transaction data belonging to nearly 450,000 mobile banking users. The issue allowed some customers to view other users’ transaction details within the mobile application. The incident occurred over a short period and was resolved on the same day. Investigations revealed that the exposure only happened when users accessed transaction histories at nearly the same time (within seconds). The exposed data may have included transaction amounts, dates, payment details, and in some cases, National Insurance numbers. The system update was deployed at 03:28 AM and the issue was resolved by 08:08 AM, with no recurrence reported.
The company stated that although some data was exposed, account balances were not affected and there was no capability for unauthorized transactions. Approximately 1.67 million users out of a total of 21.5 million logged in during the affected period, with 447,936 users impacted. Among them, 114,182 users accessed transaction details belonging to others, which may have included additional information such as account details and payment references.
As an initial response, the company has paid approximately £139,000 in compensation to 3,625 customers for inconvenience and distress. Lloyds confirmed that no financial losses have been reported as a result of the incident. This event highlights the risks associated with digital banking systems that rely heavily on technology, and underscores the importance of transparency and robust controls to maintain user trust.