The Information Commissioner’s Office (ICO) has officially begun inquiries into a significant technical failure affecting Lloyds, Halifax, and Bank of Scotland. The glitch reportedly allowed mobile app users to view the private transaction histories and sensitive financial details of strangers. This regulatory intervention follows a wave of customer complaints regarding unauthorized data exposure during routine login attempts.
The incident is particularly sensitive as it involves Lloyds Banking Group, one of the UK’s largest financial institutions. Customers expressed immediate alarm on social media, with many fearing their accounts had been compromised by external hackers. However, the group has clarified that the issue stemmed from an internal IT error rather than a cyberattack.
Testimonies from affected users highlight the severity of the exposure, with some reporting visibility of names, sort codes, and account numbers. In one instance, a user claimed to see the private records of 30 different individuals, including National Insurance numbers tied to benefit payments. High-profile consumer advocates like Martin Lewis noted that his platforms were flooded with thousands of reports from concerned savers.
The breach underscores the inherent risks associated with the rapid digital transformation of the banking sector. As traditional lenders move away from physical branches to compete with “neobanks” like Monzo and Revolut, the stability of their legacy IT infrastructure is under intense scrutiny. This event is the latest in a string of technical outages that have plagued UK banks over the past year.
Lloyds Banking Group has since issued an apology, stating that the “short-term” issue has been resolved. The ICO will now determine if the group met its legal obligations to protect consumer data and report the breach within the mandatory 72-hour window. The outcome of this inquiry could lead to significant fines or mandatory upgrades to the bank’s digital security protocols.