Lloyds Banking Group has paid compensation to 1,625 more customers after personal data was exposed in an incident described by the Treasury Committee chair as “an alarming breach of data confidentiality”.
As Computer Weekly has previously reported, on the morning of 12 March, a fault in the Lloyds banking app enabled some customers to see the transactions of other customers. Customers of the group’s Halifax, Bank of Scotland and Lloyds Bank apps were affected by the security breach.
The bank’s response to a request from the UK government’s Treasury Committee shows that a programming error was the root cause of a breach that exposed details.
The bank has estimated that 114,182 customers clicked through to view the detail behind individual current account transactions during that time, and may have been presented with information about individual payments.
In its latest update on the committee, the bank told MPs it has paid a further £62,000 of “goodwill payments” to an additional 1,625 customers, with 5,250 customers now in receipt of a total of £201,000.
Lloyds originally said Nearly 450,000 customers were potentially affected during the period the vulnerability existed, and in the latest update, the bank said another 80,000 people were joint account holders with people who had their details exposed.
In the letter to Meg Hillier, chair of the Treasury Select Committee, Jasjyot Singh, CEO for consumer relationships at the bank, said further investigation “has shown there has been no increase in average daily volumes of fraud against the 446,915 customers affected by the incident.”
Singh added: “There has been no statistically significant difference in the types of fraud, including impersonation scams and card fraud, within that population.
“We have also reviewed the cases of fraud that occurred after the incident on 12 March to establish whether there was any discernible link in those cases to the nature of the data potentially viewed. In that analysis, we have not seen any such link to the incident.”
Following a major outage at Barclays Bank in January 2025, MPs on the Treasury Committee demanded that banks come clean about access issues.
MPs set questions for the UK’s nine biggest banks, including Lloyds. Bank bosses were asked to provide an overview of the number of instances and the amount of time in total that services have been unavailable to customers due to IT failure over the past two years; how many customers have been affected; the amount of compensation that has been paid to their customers; and a description of the reason for the failures. You can read the letters to the bank CEOs here.
Data received from banks by MPs on the Treasury Committee revealed at least 158 banking IT failures between January 2023 and February 2025, equating to more than 800 hours of service unavailability. Barclays Bank reported the most incidents, at 33, followed by Allied Irish Bank, HSBC and Santander, with 32 each. Nationwide Building Society reported 18 outages, NatWest 13 and Lloyds Bank 12. In single figures were Allied Irish Bank, with nine, Danske, with five, and Bank of Ireland, with four.
