Update: Lloyds has confirmed that an additional 80,508 customers may have been impacted by the incident, bringing the total number of affected individuals to more than 527,000. The newly identified group consists primarily of joint account holders whose data may have been visible even if they did not log into the app. The bank also disclosed that over £200,000 has been issued in goodwill payments to affected customers, with no confirmed cases of financial loss.
Lloyds Banking Group, one of the UK’s largest banking institutions, disclosed that a technical glitch in March 2026 allowed customers to view transaction data and personal details belonging to other account holders. The exposure initially affected up to 447,936 customers before the issue was identified and resolved.
The incident occurred when users logged into their accounts and were inadvertently shown information from other customers’ profiles, including transaction histories and personal identifying information. Lloyds stated the glitch was caused by a system error during routine maintenance rather than external attack or malicious activity.
Customer data exposed through system error
Affected customers may have had their transaction data, account balances, personal details, and contact information visible to other users during the exposure window. The bank emphasized that no customer credentials, passwords, or authentication information were compromised, and no unauthorized financial transactions occurred.
However, Lloyds later confirmed that of the 446,915 customers who accessed the platform during the incident, approximately 107,937 viewed transaction-level data, increasing the likelihood that sensitive account information was exposed.
Joint account exposure expanded impact
The additional 80,508 impacted individuals were identified as joint account holders whose data may have been visible through accounts accessed by other users. These customers did not need to log in themselves to be affected, expanding the overall scope of the incident.
This secondary exposure highlights how shared account structures can amplify the impact of application-level data leaks, even when access is limited to authenticated users.
Bank response and regulatory reporting
Lloyds immediately disabled the affected system components upon discovering the error and implemented additional access controls to prevent recurrence. The bank is notifying all impacted customers directly and offering support services, including fraud monitoring assistance.
The financial institution stated it has reported the incident to the UK’s Financial Conduct Authority and Information Commissioner’s Office as required under data protection regulations. An internal investigation is examining how the glitch bypassed existing safeguards during the maintenance process.
Lloyds said it has not identified any cases of financial loss linked to the incident and reported no increase in fraud activity following the exposure.
