Customers of three major UK banks—Lloyds, Halifax, and Bank of Scotland—experienced a severe security breach on Thursday morning, with many reporting they could view the bank accounts of other users through their mobile apps. This alarming incident has sparked widespread concern over data protection and digital banking vulnerabilities.
Widespread Account Exposure and Login Issues
Numerous customers encountered difficulties logging into their accounts, and in some cases, upon successful access, they were presented with account details and transactions that did not belong to them. One woman detailed to the BBC that over a 20-minute period on the Bank of Scotland app, she could see the accounts of six different users, including sensitive information such as national insurance numbers.
Specific Examples of Compromised Data
The exposed data included benefits payments from the Department for Work and Pensions, which use national insurance numbers as payment references, and references to Waitrose transactions, even for customers who do not live near such stores. On social media, users like Shirley Finlayson reported seeing transactions dating back to 2024, with full recipient details including names, bank account numbers, and sort codes. Another user, Jill Steel, claimed to have viewed the financial details of 30 people through the Lloyds app, including names, account numbers, sort codes, and national insurance numbers for benefit recipients.
Bank Responses and Public Reaction
A Lloyds Banking Group spokesperson apologised for the issue, stating it was quickly resolved and that an investigation is underway. Halifax acknowledged on social media that some customers were having issues viewing transactions and balances. However, customers continued to report login difficulties and fears of being hacked, with consumer champion Martin Lewis receiving nearly 2,000 comments on a Facebook post about the incident.
Historical Context and Broader Implications
This glitch follows a series of IT failures last year that affected customers of TSB, Nationwide, First Direct, and Lloyds, raising concerns among MPs as banks increasingly shift towards digital services while closing physical branches. The incident highlights ongoing challenges in cybersecurity and data privacy within the banking sector, prompting calls for stricter regulations and improved app security measures to prevent future breaches.
