Lloyds Banking App Glitch Exposed Other Customers’ Transaction Data
UK lawmakers are pressing Lloyds Banking Group for answers after a March 12 digital banking glitch allowed some customers using the Lloyds Bank, Halifax, and Bank of Scotland apps to view other users’ transaction histories. Treasury Committee chair Meg Hillier called the incident an “alarming breach of data confidentiality” and asked CEO Charlie Nunn to explain what caused the failure, which channels were affected, how many customers were impacted, what personal and financial data was exposed, and how the bank responded.
Customer reports indicate the exposure went beyond a minor display error, with visible data reportedly including transaction details, sender and recipient names, shop names, card transaction locations, amounts, the last four digits of payment cards, and direct debit reference numbers. Lloyds said the issue was resolved quickly and that it is investigating the cause, but the incident has intensified scrutiny of the resilience and security of UK banks’ digital services as more customers are pushed toward online and mobile banking amid branch closures and a broader pattern of service outages across the sector.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Lloyds discloses scale of app data exposure and customer compensation
On 2026-03-27, Lloyds Banking Group said its 12 March mobile app glitch potentially exposed personal and transaction data of up to 447,936 customers, with 114,182 users clicking into transactions showing sensitive details. The bank said it had notified the FCA and ICO, found no evidence of misuse or financial loss, and had paid £139,000 in compensation to 3,625 customers.
Treasury Committee demands answers from Lloyds over data breach
On 2026-03-17, the UK Parliament's cross-party Treasury Committee, led by chair Meg Hillier, asked Lloyds Banking Group CEO Charlie Nunn to explain the March 12 incident. The committee requested details on the cause, scope, exposed data, regulatory notifications, customer communications, response timeline, and possible compensation.
Lloyds app glitch exposed other customers' transactions
On 2026-03-12, a digital banking glitch allowed some users of the Lloyds Bank, Halifax, and Bank of Scotland mobile apps to view other customers' financial transactions. Lloyds said it investigated the issue and resolved it quickly.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Almost half a million Lloyds customers had personal data exposed in IT glitch | Lloyds Banking Group | The Guardian
theguardian.com
Open sourceNearly half a million Lloyds Banking Group customers affected by personal data glitch - Committees - UK Parliament
committees.parliament.uk
Open sourceteiss - News - UK lawmakers question Lloyds over account glitch that exposed customers' details
teiss.co.uk
Open sourceMPs asks Lloyds Bank for more information about ‘alarming’ breach | Computer Weekly
computerweekly.com
Open sourceUnclassified
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
Open sourceUnclassified
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
London Hydro Discloses Customer Data Exposure After Security Incident
London Hydro, a Canadian utility serving more than 160,000 customers, disclosed a security incident that may have exposed customer personal and account information. The potentially affected data includes names, home and service addresses, email addresses, phone numbers, account and billing numbers, pricing plans, contract start dates, and meter information. The company said banking details, payment card data, dates of birth, and government-issued identification numbers were not involved, and it has begun notifying affected individuals. The utility has not disclosed how the intrusion occurred, whether data was exfiltrated, how many customers were affected, or whether ransomware, extortion, third-party systems, or operational technology played a role. London Hydro warned that the exposed account details could make phishing, impersonation, and fraudulent billing scams more convincing, and advised customers to watch for suspicious communications, unexpected bills, unfamiliar account activity, and requests to change payment arrangements.
Jun 23, 2026
Community Bank Exposed Customer Data Through Unauthorized AI App Use
Community Bank disclosed a security incident after customer information was exposed through use of an unauthorized AI-based software application, according to a filing with the U.S. Securities and Exchange Commission. The bank said the compromised non-public data included customer names, dates of birth, and Social Security numbers, and that it reported the matter because of the volume and sensitivity of the information involved. Reporting indicates the lapse may have occurred when customer data was uploaded to an online AI chatbot or similar service, though the bank has not identified the application or explained the exact mechanism. The bank said the incident did not disrupt operations or prevent customers from accessing accounts or payment services, but it is still assessing the scope of affected data and notifying impacted individuals as required by law. Community Bank is also communicating with banking and financial regulators and pursuing remediation to prevent a recurrence. The number of affected customers remains undisclosed.
May 13, 2026
HSBC USA Customer Data Allegedly Exposed in Major Breach Claims
Threat actors have claimed responsibility for a significant data breach targeting HSBC USA, alleging the theft and subsequent leak of a large trove of personally identifiable information (PII) and sensitive financial records belonging to the bank's customers. The compromised data reportedly includes full names, addresses, Social Security numbers, dates of birth, phone numbers, bank account numbers, account balances, and transaction histories. Multiple sources indicate that the data was posted on prominent data leak forums, with early analysis by independent researchers suggesting the leaked samples appear legitimate, though the full scope and authenticity remain under investigation. Security experts warn that the exposure of such comprehensive PII and financial details could enable a range of fraudulent activities, including identity theft, unauthorized account access, SIM swapping, and spearphishing attacks. HSBC USA has publicly denied that a breach occurred, stating that internal investigations have found no evidence of compromised systems or service providers. Despite the bank's denial, cybersecurity researchers and industry analysts emphasize the severe risks posed by the alleged leak, urging financial institutions to strengthen authentication mechanisms, enhance account recovery processes, and promptly notify potentially affected customers. The incident has raised concerns about the adequacy of data protection measures in the banking sector and highlights the urgent need for robust security controls to prevent large-scale identity and financial fraud.
Mar 21, 2026