Lloyds Data Security Incident Impacts 450,000 Individuals

UK retail and commercial financial services giant Lloyds Banking Group has disclosed a data security incident impacting close to 450,000 of its mobile banking users. The incident occurred on March 12 and was the result of a faulty software update that exposed transaction details from users’ current accounts to other users. According to Lloyds, however, the transactions were exposed only if users were accessing their transaction lists simultaneously. “In order to have seen another person’s transactions and for theirs to be potentially viewed by other customers, a customer had to access their own list of transactions within small fractions of a second of another person doing the same,” Lloyds told the UK’s Treasury Committee. Lloyds said the glitched update was rolled out on March 12 at 03:28 and the issue was resolved at 08:08. The problem has not occurred since. The types of data exposed in the incident vary depending on the actions taken by the users. Those who accessed the transaction lists could view information on other users’ transactions, including amounts, dates, and payment identifiers that could have included National Insurance numbers. Users who clicked on individual transactions could have viewed information such as sort codes and account numbers, National Insurance numbers or vehicle registration numbers, and text entered in the reference fields. “In some cases, the transaction information visible may have related to individuals who are not Lloyds Banking Group customers, for example in an instance where a payment was made from a Lloyds Banking Group customer account to an account holder at another bank,” Lloyds said. The banking giant points out that users’ balances were not affected by the incident and that “customers were not able to perform unauthorised actions or move money on anyone else’s account.” “Customers who experienced the issue would have been able to view others’ data momentarily, and the information that was visible would not be sufficient on its own for someone to carry out fraud against an individual’s bank account. Our assessment is that it is also very unlikely the information potentially viewed could be used to carry out fraudulent activity more widely,” Lloyds said. The banking giant told the Treasury Committee that out of its 21.5 million mobile banking users 1.67 million logged in during the incident window, but only 447,936 customers were presented with other users’ transactions or had their transactions shown to others. “We assess that a maximum of 114,182 customers clicked through to view the details behind individual current account transactions during that time and may have been presented with information about individual payments,” it said. Lloyds also noted that it informed its customers of the incident via social media and that it paid roughly £139,000 (~$183,600) to around 3,625 customers, as “goodwill payments for distress and inconvenience.” Related: Healthcare IT Platform CareCloud Probing Potential Data Breach Related: Hightower Holding Data Breach Impacts 130,000 Related: 3.1 Million Impacted by QualDerm Data Breach Related: Navia Data Breach Impacts 2.7 Million WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Telnyx Targeted in Growing TeamPCP Supply Chain Attack Exploitation of Fresh Citrix NetScaler Vulnerability Begins F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs OpenAI Launches Bug Bounty Program for Abuse and Safety Risks TP-Link Patches High-Severity Router Vulnerabilities Coruna iOS Exploit Kit Likely an Update to Operation Triangulation Hightower Holding Data Breach Impacts 130,000 Latest News Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption Exploitation of Critical Fortinet FortiClient EMS Flaw Begins StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise  Healthcare IT Platform CareCloud Probing Potential Data Breach Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control Huskeys Emerges From Stealth With $8 Million in Funding Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Moderna has promoted Farzan Karimi to Deputy Chief Information Security Officer. Brian Goldfarb has been appointed Chief Marketing Officer at SentinelOne. Token has appointed Katy Nelson as Chief Revenue Officer. More People On The Move Expert Insights Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Email