Major Banking App Glitch Exposes Sensitive Customer Data Across UK
In a significant privacy breach, customers of three major UK banks—Lloyds, Halifax, and Bank of Scotland—reported being able to view the bank accounts of other users when logging into their mobile apps on Thursday morning. The incident, which lasted for a short period, allowed some individuals to access sensitive information, including national insurance numbers and recent transactions that did not belong to them.
Widespread Reports of Data Exposure
One customer detailed her experience to the BBC, stating that over a 20-minute period, she could see the accounts of six different users on the Bank of Scotland app. This included national insurance numbers, which are often used as payment references for benefits from the Department for Work and Pensions. She also observed transactions from Waitrose, despite not living near any of the supermarket's stores.
On social media, consumer champion Martin Lewis highlighted the issue, noting that he received numerous messages from people concerned about seeing other individuals' transactions. His post garnered nearly 2,000 comments from worried bank customers, many of whom reported viewing names, account numbers, sort codes, and national insurance numbers, with some fearing they had been hacked.
Customer Accounts of the Breach
Shirley Finlayson shared on a post that when she accessed the Bank of Scotland app, she saw multiple transactions, some dating back to 2024, with full details of the recipients, including names and bank account information. Another user, Jill Steel, reported being able to view the financial details of 30 people through her Lloyds app, including names, account numbers, sort codes, and national insurance numbers for those receiving benefits.
Bank Responses and Apologies
Halifax acknowledged the problem on social media, stating they were aware some customers were experiencing issues with viewing transactions and balances. A spokesperson for Lloyds Banking Group apologized for the incident, confirming that the issue was quickly resolved and that an investigation into what happened is underway. Despite this, customers continued to report difficulties logging into their accounts throughout the morning.
Context of Recent IT Failures
This glitch follows a series of IT failures in the banking sector last year, which affected customers of TSB, Nationwide, First Direct, and Lloyds. These incidents have raised concerns among MPs, especially as banks increasingly shift towards digital services while closing physical branches. The trend highlights ongoing challenges in maintaining secure and reliable online banking platforms.
The exposure of personal data such as national insurance numbers and transaction details underscores the critical importance of robust cybersecurity measures in the financial industry. Customers are advised to monitor their accounts for any suspicious activity and report concerns to their banks immediately.
