Hundreds of thousands of people checking their accounts on the morning of 12 March got the shock of their lives. Customers of Lloyds, Halifax and Bank of Scotland suddenly saw transactions that did not belong to them. New details released this week confirm the scale of the problem and raise fresh questions about trust in everyday digital banking.
The glitch exposed personal financial information to strangers at a time when more people than ever rely on mobile apps for day to day money management.
What Exactly Went Wrong on 12 March
The problem started after an overnight software update to the mobile banking apps. It began around 3:28am and lasted until just after 8am when the bank rolled out a fix.
Only the mobile apps were affected. People using online banking on computers saw no issues. The root cause was a coding error in the way the app pulled transaction data. If two customers refreshed their transaction lists within fractions of a second of each other, the system mixed up the information.
No one could access another person’s full account or move any money. Balances stayed correct. Customers could not log in as someone else or carry out any actions. But for those few hours, the view inside the app showed the wrong details.
Lloyds Banking Group confirmed the issue stemmed from a software defect in the application programming interface that handles current account transactions.
Scale of the Impact Revealed in New Figures
The numbers are striking. Up to 447,936 customers may have seen someone else’s transaction list or had their own data appear for others. Of those, 114,182 people clicked through to view more detailed information on individual payments.
This detailed view could include sort codes, account numbers, payment references, national insurance numbers in some cases, and even details from people who bank elsewhere if a payment crossed between banks.
Lloyds has now contacted almost all affected customers through in-app messages. The bank began reaching out from 24 March to explain what happened and reassure them.
Here is a quick breakdown of the key facts:
- Total mobile banking users at the group: 21.5 million
- Customers who logged in during the affected window: 1.67 million
- Maximum who saw mixed transaction lists: 447,936
- Maximum who viewed detailed individual transactions: 114,182
- Goodwill payments made so far: £139,000 to 3,625 customers
Many customers described immediate panic when they opened the app. One person told reporters she thought she had been hacked after seeing an £8,000 car purchase that was not hers. Others reported seeing wages, direct debits and large transfers belonging to complete strangers.
Lloyds Response Includes Apology and Small Compensation
Jasjyot Singh, chief executive of customer relationships at Lloyds Banking Group, sent a detailed letter to the Commons Treasury Committee. In it he expressed clear regret.
“Although it was fixed promptly, we are extremely sorry the incident happened and we understand the questions it will have prompted,” Singh wrote.
The bank notified the Financial Conduct Authority, Prudential Regulation Authority and Information Commissioner’s Office on the same morning. They continue to cooperate fully with all three regulators.
Lloyds has paid goodwill compensation to some customers who reported distress or inconvenience. Payments so far average around £38 per person for those who received them. The bank says it will handle any future claims promptly and has seen no reports of actual financial loss linked to the glitch.
The group has also reminded customers to delete any screenshots they may have taken and continues to monitor for any signs of misuse. So far, its fraud systems show no evidence of problems.
MPs and Regulators Put Digital Banking Under the Microscope
The Treasury Committee, led by chair Dame Meg Hillier, had already written to Lloyds demanding answers shortly after the first reports emerged. They described the event as an “alarming breach of confidentiality” and asked for full details on the cause, the data exposed and plans for compensation.
The committee has requested follow-up updates from the bank after one month and again after six months. This reflects growing concern among lawmakers about the reliability of banking technology as branches close and customers shift almost entirely online.
This incident comes against a backdrop of other IT problems at major UK banks in recent years. While not a cyber attack or external hack, the glitch highlights how even routine software updates can create unexpected risks when millions of people depend on the same systems.
Customer stories on social media showed a mix of anger, confusion and relief once the issue was explained. Some felt the goodwill payments were too low given the worry caused. Others praised the bank for quick fixes and transparent updates once the full picture emerged.
Experts say incidents like this can damage confidence in mobile banking even when no money is lost. People expect their financial data to remain private. When that expectation is shaken, even briefly, it takes time to rebuild trust.
The bank says it is reviewing its testing processes and learning lessons to prevent anything similar in future. It has strengthened monitoring around system updates.
In the meantime, customers across all banks may want to stay alert. Check your statements regularly. Report anything unusual straight away. And remember that if you ever see transactions that do not look right, contact your bank immediately rather than assuming the worst.
This episode serves as a reminder that behind every convenient tap on a phone screen sits complex technology that is not perfect. Banks must keep earning our trust every single day, especially as they push us toward fully digital services.
