Lloyds Banking Group said that on 12 March, as many as 447,936 customers of itself, Bank of Scotland, and Halifax were potentially exposed when a software glitch resulted in users seeing the transaction details of other customers in the banking app.
The fault came after the bank ran an overnight update to the app. According to Lloyds, 114,182 customers clicked on transactions that were not theirs, meaning they may have accessed the data of other users.
Data includes account details, national insurance numbers, and payment references. This also included the data of non-Lloyds customers.
So far, Lloyds has reportedly paid compensation to 3,625 customers, totalling just over £139,000 (roughly A$268,650), and said that it formally notified the Information Commissioner’s Office within 72 hours of the incident.
Following this, Treasury committee chair Meg Hillier emailed Lloyds Banking Group CEO Charles Nunn, the subject line being “Improper disclosure of individual’s account information”.
“On the face of it, this is an alarming breach of data confidentiality,” she said.
Lloyds’ CEO of consumer relationships, Jasjyot Singh, responded, reiterating that the incident was a result of the IT update.
“The defect meant that when a customer requested to view their current account transactions, their transaction data was potentially visible to other customers who were simultaneously – within small fractions of a second – requesting access to their own transactions,” he said.
Singh said the bank is currently reviewing how the defect in the code led to the incident and why it was not identified during quality assurance and testing.
“Based on our assessment of this incident, we have not identified evidence that customers have suffered financial loss, and no customer has reported a financial loss arising from the incident at this stage. Accordingly, we have not made compensation payments on this basis,” he said.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
