LONDON — Lloyds Banking Group is reporting it has identified the software glitch that exposed the personal data of up to 447,936 of its customers and allowed some users to briefly view other customers’ transactions and account information.
The CU Daily first reported on the glitch here.
The incident occurred March 12 during an overnight system update and affected customers using mobile banking apps across Lloyds, Halifax and Bank of Scotland, InfoSecurity Magazine reported.
More Than 100,000 Viewed Others’ Data
Due to the error, some users were able to see transactions belonging to other customers, including account details, payment references and, in some cases, national insurance numbers. Approximately 114,182 customers clicked on transactions that displayed other users’ personal information.
Lloyds said the issue stemmed from a software defect introduced during a routine IT update. The bank added that customers would have had to access their apps within fractions of a second of other users for the data to appear, according to the report.
The bank reported the incident to the U.K.’s Financial Conduct Authority the same day and notified the Information Commissioner’s Office within the required 72-hour window, InfoSecurity Magazine reported.
Lloyds also warned that some exposed transaction data may have involved individuals who were not customers of the bank, such as recipients of payments from Lloyds account holders.
Compensation Paid
The bank said it has paid £139,000 (about $183,000) in compensation to 3,625 customers for distress and inconvenience related to the incident. It added there is no evidence of financial loss or fraud tied to the glitch, though monitoring is ongoing.
