Lloyds Banking Group Technical Glitch Exposes Private Customer Transactions

Lloyds Banking Group, including Lloyds Bank, Halifax, and the Bank of Scotland, experienced a data leak on March 12, 2026. The incident, described as a technical glitch, allowed customers to view the private banking transactions and account details of other people through mobile banking apps. The leak occurred during a two-hour window between 7:00 AM and 9:00 AM GMT before the group implemented a fix.

The incident likely stemmed from a logic error or a misconfigured caching layer in the application's API gateway. When users requested their transaction history, the system returned cached data from other active sessions instead of querying the specific user's database record. This resulted in data cross-talk, where sensitive information was mapped to the wrong authenticated tokens, allowing users to see different data sets each time they logged in.

The compromised data includes:

• Full names and account balances
• Transaction histories, including specific retail locations (Starbucks, McDonald's)
• Wage and salary payment details
• National Insurance numbers (contained within DWP and HMRC payment references)
• HMRC reference numbers
• Gambling activity and Betfair transactions

The number of affected individuals is not disclosed. 

Lloyds Banking Group issued an apology and stated that the issue was resolved quickly. The bank advised users to log out and log back in to clear the incorrect data from their screens. Internal investigations are currently underway to determine the root cause of the logic error. The group has not yet confirmed if it will proactively notify all affected individuals or offer identity theft protection services. The group claims that banking accounts are secure.