Lloyds Banking Glitch Exposed Nearly Half a Million Customers' Data, and the Compensation Is Laughable

A Four-Hour Window of Chaos

If you banked with Lloyds on the morning of 12 March and fancied a peek at someone else's finances, you were briefly in luck. A software defect introduced during an overnight IT update broke account isolation in the bank's mobile app, meaning customers could accidentally view other people's transaction data. The glitch ran from 03:28 to 08:08 GMT, a window of roughly four hours and forty minutes that has since become a rather expensive headache for the UK's largest retail banking group.

In a letter to the Treasury Select Committee, Lloyds confirmed that up to 447,936 customers were potentially affected. Of those, 114,182 actually clicked through to view other people's transactions, potentially seeing sensitive details including national insurance numbers. That is not a minor hiccup. That is an alarming breach of confidentiality, to borrow the words of committee chair Dame Meg Hillier.

What Actually Went Wrong?

The root cause was an API flaw. When two users hit the same function within fractions of a second, the system essentially got confused about whose data belonged to whom. Account isolation broke down, and suddenly your Tuesday morning coffee transaction was someone else's bedtime reading.
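A minimal illustration of this class of defect, added here as an example: it is not Lloyds' code, and the bank's faulty function is not shown in this article. All names (SharedStateHandler, ScopedHandler, the LEDGER data) are hypothetical, and the barrier forces the overlap that in production would depend on timing.

```python
import threading

# Constructed sample data: each row carries the account that owns it.
LEDGER = {
    "alice": [("alice", "coffee 3.20")],
    "bob": [("bob", "rent 950.00")],
}

class SharedStateHandler:
    """Flawed pattern: caller identity lives on an object every request shares."""
    def __init__(self):
        self.current_user = None

    def get_transactions(self, session_user, gate):
        self.current_user = session_user   # write shared state
        gate.wait()                        # the other request arrives in the gap
        return LEDGER[self.current_user]   # read back: may be the other caller

class ScopedHandler:
    """Hardened pattern: identity stays local, and the response is re-checked."""
    def get_transactions(self, session_user, gate):
        user = session_user                # local to this request only
        gate.wait()
        rows = LEDGER[user]
        if any(owner != session_user for owner, _ in rows):
            raise PermissionError("row not owned by authenticated session")
        return rows

def run_two_requests(handler):
    """Fire both requests so they overlap; return what each caller received."""
    gate = threading.Barrier(2)
    received = {}
    def request(user):
        received[user] = handler.get_transactions(user, gate)
    threads = [threading.Thread(target=request, args=(u,)) for u in LEDGER]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return received

def cross_account_reads(received):
    """Callers who were handed at least one row owned by someone else."""
    return sorted(u for u, rows in received.items()
                  if any(owner != u for owner, _ in rows))

if __name__ == "__main__":
    print("shared state:", cross_account_reads(run_two_requests(SharedStateHandler())))
    print("request scoped:", cross_account_reads(run_two_requests(ScopedHandler())))
```

The same `cross_account_reads` check works as a pre-deployment concurrency test: run overlapping requests as different users and fail the build if any caller receives a row it does not own.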

During the incident window, 1.67 million of Lloyds' 21.5 million mobile app users logged in. Only current accounts were affected, and the bank insists that no balances were compromised and no customers have suffered financial loss. Small mercies, though one suspects the 114,000-odd people whose national insurance numbers were on display might define "loss" a touch more broadly.

The Compensation That Barely Covers a Round

Here is where things get properly eyebrow-raising. Lloyds has paid out £139,000 in goodwill payments, shared between just 3,625 customers. For those reaching for a calculator, that works out to roughly £38.34 per person.

Thirty-eight quid. For having your personal financial data and national insurance number exposed to strangers. You could argue that barely covers the emotional distress of discovering your bank cannot keep its APIs in order, let alone the time spent worrying about identity fraud. Whether Lloyds considers this matter closed with such modest payouts remains to be seen, but it is safe to say the optics are not great.

Regulators Are Circling

The Financial Conduct Authority has confirmed it is actively engaging with Lloyds Banking Group over the incident. Meanwhile, the Information Commissioner's Office is making enquiries, though Lloyds did at least notify the ICO within the required 72-hour window. Prompt paperwork does not undo the breach, but it suggests someone in compliance was paying attention even if the API was not.

The Treasury Select Committee is not letting this fade quietly either. Dame Meg Hillier has demanded both one-month and six-month follow-up reports from the bank, ensuring this stays on the agenda well into autumn.

The Bigger Picture

Lloyds Banking Group serves around 26 million customers across its various brands. When you are that size, a software defect does not just affect a handful of accounts. It scales spectacularly. The fact that a single overnight change could compromise account isolation for hundreds of thousands of users raises serious questions about testing protocols and deployment safeguards.

Jasjyot Singh, Lloyds' consumer relationships chief, penned the apology letter to the committee. An apology is welcome, but customers will be watching closely to see whether meaningful changes follow or whether this becomes another case of sorry-not-sorry banking.

For now, if you were affected, keep an eye on your accounts and consider whether £38.34 feels like adequate recognition that your bank briefly turned your financial data into a lucky dip.

Written by

Daniel Benson

Writer, editor, and the entire staff of SignalDaily. Spent years in tech before deciding the news needed fewer press releases and more straight talk. Covers AI, technology, sport and world events — always with context, sometimes with sarcasm. No ads, no paywalls, no patience for clickbait. Based in the UK.