
Transient data exposure flaw in Lloyds mobile banking update

1 unique source, 1 article

Summary


A transient software defect in a system update for Lloyds Banking Group’s mobile banking platform temporarily exposed customers’ personal and transactional data to other users. The incident occurred during an overnight update on 12 March and affected customers of Lloyds, Halifax and Bank of Scotland: brief overlapping app sessions allowed some users to view other customers’ transactions, account details, payment references, and national insurance numbers. No evidence of subsequent financial fraud or data misuse has been reported, but 3,625 customers received compensation totalling £139,000.

Timeline

  1. 30.03.2026 17:00 · 1 article

    Transient exposure of customer data in Lloyds mobile banking update

    A race condition introduced during an overnight system update on 12 March caused temporary misrouting of transaction data in Lloyds, Halifax and Bank of Scotland mobile banking apps. The defect allowed brief overlapping sessions to expose account identifiers, transaction details, payment references and national insurance numbers to other users. No evidence of financial fraud or misuse has been identified, and compensation totalling £139,000 was paid to 3,625 customers.


Information Snippets

  • The defect stemmed from a routine IT system update that introduced a race condition during session handling in the mobile banking applications.

    First reported: 30.03.2026 17:00
    1 source, 1 article
  • Customers had to access their apps within fractions of a second of another user’s session for the misrouted data to appear.

    First reported: 30.03.2026 17:00
    1 source, 1 article
  • Exposed data included transaction details, account identifiers, payment references, and national insurance numbers.

    First reported: 30.03.2026 17:00
    1 source, 1 article
  • Up to 447,936 customers were potentially exposed, with 114,182 customers reported as having clicked on transactions linked to other users.

    First reported: 30.03.2026 17:00
    1 source, 1 article
  • Lloyds Banking Group reported the incident to the UK Financial Conduct Authority on 12 March and notified the Information Commissioner’s Office within the required 72-hour window.

    First reported: 30.03.2026 17:00
    1 source, 1 article
  • Compensation of £139,000 was paid to 3,625 customers for distress and inconvenience; no evidence of financial loss or fraud has been identified.

    First reported: 30.03.2026 17:00
    1 source, 1 article