The Treasury Committee has launched a formal inquiry into Lloyds Banking Group following a significant data breach that allowed customers to view other individuals' financial transactions through their banking applications. This incident has sparked widespread alarm over data confidentiality and consumer protection within the UK's financial sector.
Committee Demands Detailed Response
Treasury Committee chairwoman Dame Meg Hillier has written directly to Lloyds Banking Group chief executive Charlie Nunn, requesting comprehensive information about what she described as "an alarming breach of data confidentiality." The letter, formally titled "improper disclosure of individuals' account information," seeks specific details about the scale and impact of the security failure.
Key Information Requests
The committee has demanded that Lloyds provide:
- The exact number of customers affected by the data exposure
- Details about expected compensation payments to impacted individuals
- A full description of the nature of information that became visible to unauthorized users
- An assessment of whether customers have become victims of financial crime as a result of the breach
Dame Meg emphasized the need for transparency, stating: "In the interests of transparency, I would welcome a set of responses from Lloyds Banking Group related to this troubling incident." The committee has established strict timelines for Lloyds' response, requesting an initial assessment within one month and a complete incident report within six months.
Nature of the Data Breach
The security incident occurred on March 12, 2026, when customers using banking applications from Bank of Scotland, Lloyds, and Halifax reported being able to access information from other people's accounts. The exposed data included sensitive financial details that could potentially enable identity theft or financial fraud.
What Customers Discovered
Affected users reported seeing:
- Direct debit transactions belonging to other account holders
- Wage payments and salary information from unrelated accounts
- Cash withdrawal records from other customers
- Some national insurance numbers associated with payment transactions
One customer described the disturbing experience to the Press Association, expressing shock at finding herself "looking at someone else's life" when she logged into her banking application. This personal testimony highlights the profound violation of privacy experienced by affected individuals.
Regulatory Context and Previous Concerns
The Financial Conduct Authority has confirmed it is actively monitoring the situation, with a spokesperson stating: "We expect firms to protect customer data and be able to respond to and quickly recover from disruptions." The regulatory body is in direct contact with Lloyds to understand both the cause of the incident and the bank's remediation efforts.
This incident follows concerning findings from the Treasury Committee's previous investigation into banking system reliability. Last March, the committee discovered that nine of the UK's largest banks had accumulated at least 33 days' worth of service outages over a two-year period, raising questions about the resilience of digital banking infrastructure.
Bank's Response and Ongoing Investigation
Lloyds Banking Group has issued a public apology to affected customers and confirmed that an internal investigation is underway to determine the root cause of the security failure. The bank faces mounting pressure to not only explain how this breach occurred but also to demonstrate concrete measures to prevent similar incidents in the future.
The Treasury Committee's intervention represents a significant escalation in regulatory scrutiny, reflecting growing concerns about data security in an increasingly digital financial landscape. As consumers increasingly rely on mobile banking applications, this incident underscores the critical importance of robust cybersecurity measures and transparent communication when systems fail.
