Lloyds Banking Group is conducting an investigation following reports from customers of Lloyds, Halifax, and Bank of Scotland who claimed they could view other users’ transactions in their app and online banking interfaces.
According to a woman who spoke to the BBC, she was able to access the accounts of six different users on her Bank of Scotland app within a 20-minute timeframe. Among the transactions she allegedly saw were benefit payments from the Department of Work and Pensions (DWP) using recipients’ National Insurance numbers as references.
The woman also reported seeing payments from a pub in Newcastle and transactions to Waitrose, despite the absence of a nearby Waitrose store from her location in Kirkcaldy, Fife.
Consumer advocate Martin Lewis highlighted the issue, stating that people had contacted him about viewing others’ transactions. Responding to his post, several individuals mentioned seeing unfamiliar payments before the app reverted to displaying their own transactions.
The extent of the impact on customers remains uncertain, given that Lloyds Banking Group serves approximately 26 million customers. The problem seems to have emerged around 7 a.m., with a surge in complaints recorded on outage tracker DownDetector during that period.
A spokesperson from Lloyds Banking Group expressed regret over the incident, acknowledging that some customers encountered difficulties viewing transactions in the app briefly. The matter was swiftly addressed, and an investigation into the cause is underway.
One individual shared with the Press Association the disconcerting experience of discovering mysterious transactions when accessing their banking app, describing it as akin to glimpsing into someone else’s financial affairs. The customer, based in Edinburgh, expressed concern over the security of their own information in light of the unexpected account activity.
Feeling unsettled by the apparent breach of privacy within their banking app, the customer emphasized the importance of safeguarding personal financial data and regaining trust in the platform’s integrity.