Around half a million Lloyds Banking Group customers were affected by an IT incident that exposed other people’s transactions and, in some cases, personal information, the bank has admitted in a letter to MPs.
In its response to the Treasury Select Committee about the glitch on 12 March, the group said the issue had affected up to 447,936 customers of Lloyds Bank, Halifax and Bank of Scotland.
The bank reported that 114,182 users accessed others’ transactions, potentially exposing sensitive data like account details, national insurance numbers, and payment references.
So far, £139,000 ($184,383.46) of compensation has been paid out to 3,625 customers for distress and inconvenience, with no customers identified as having suffered financial loss.
The letter also acknowledges that transaction information related to individuals who are not Lloyds Banking Group customers may have been visible.
The cause of the incident has been identified as a “software defect”, which occurred during an overnight update.
The bank said it self-reported to the Financial Conduct Authority on the morning of 12 March and notified the Information Commissioner’s Office within the required 72-hour period.
The IT issue, which impacted the group’s online services, prompted the chair of the Treasury Committee, Dame Meg Hillier, to pose a series of questions to Lloyds last week.
Hillier had called the event an “alarming breach of confidentiality”.
She has requested further updates from Lloyds Banking Group in one month and in six months’ time.
A Committee report last March revealed that the UK’s top nine banks racked up at least 33 days of IT outages over the preceding two years.
Hillier said: “Modern banking methods mean we can now perform a variety of tasks on our phones in a matter of seconds, and almost anywhere.
“What this incident brings into focus is the fact that there is a trade-off. By moving more interactions with our bank online, we place our faith in technology which can suffer unpredictable errors. It’s critical that consumers understand this, and that’s why my Committee continues to push banks to be transparent when things go wrong.”
Lloyds is urging customers to delete any screenshots or shared information of other users, says consumer relationships CEO Jasjyot Singh.
“There is currently no evidence of misuse or malicious activity as a result of the incident through our fraud and cyber monitoring process,” he assured, adding the bank would continue to monitor the situation.
“Lloyds admits IT glitch hit nearly half a million customers” was originally created and published by Retail Banker International, a GlobalData owned brand.