Customers at Lloyds Banking Group were sent into panic on Thursday morning after a number of users opened their mobile app to find rogue transactions that did not belong to them.
Screenshots quickly flooded social media with many of the bank’s 28m customers describing their horror at seeing up thousands of pounds of bizarre payments.
The Downdetector – an outage tracking website – recorded a spike in reports of issues across the Lloyds apps between 7am and 9am on Thursday.
The Lloyds Bank’s social media account – and those of its subsidiaries Halifax and Bank of Scotland – soon leapt into action to assure customers that the crisis been resolved and the team was investigating a “technical glitch”.
But the incident left customers alarmed and raised questions over the consequences for the bank as stories quickly emerged of users seeing other people’s spending, wages and in some cases National Insurance numbers through benefit payments.
Chris Cook, head of the employment and data protection at SA Law told City AM: “A technical failure exposing customer financial information, even briefly, could constitute a reportable data breach under UK data protection law.
“Banks have a duty to ensure that personal and financial data is kept secure, and any inadvertent disclosure can trigger regulatory obligations, including notification to the Information Commissioner’s Office (ICO).”
The ICO said on Thursday it had been “aware of an incident affecting some online banking services” and would be “making enquiries”.
The data watchdog handed out 15 fines in 2025, which collectively topped £21.7m.
Meanwhile the Financial Conduct Authority (FCA) said: “We’re in contact with Lloyds Banking Group to understand what’s happened and how it’s being resolved.”
How high could Lloyds be fined?
Simon Fawell, partner at Signature Litigation told City AM reports from users suggest there “appears to have been a fairly clear data breach which will, no doubt, be investigated by the ICO and could result in a substantial fine”.
In the most extreme cases, the ICO maintains the power to impose a fine of up to four per cent of global annual turnover. For Lloyds, this would mark a mammoth £700m hit.
But Fawell notes it is “unlikely that this breach would risk a fine of anything close to that value”.
Stephen Cartwright, associate at Simkins LLP, told City AM: “Regulators will examine how the glitch occurred, whether Lloyds had appropriate technical and organisational measures in place, and what remedial steps are being taken to prevent a recurrence.”
Lloyds Banking Group was struck with a £160,000 fine at the beginning of the year after its subsidiary Bank of Scotland was found to have breached sanctions by opening a bank account for an ally of Russian President Vladirmir Putin.
Between 8 February and 24 February 2023, Bank of Scotland processed 24 payments, totalling £77,383 from a personal current account held by an individual designated under Russian sanctions.
The latest bungle marked a major blow for Lloyds, which has looked to bullishly embrace and leverage new tech in the last year.
The bank’s chief executive said following the group’s annual financial results that AI had provided a £50m boost to its balance sheet in the last year.
It expects this to double in 2026 to more than £100m, as the bank leans into more autonomous models – known as agentic AI – that can proactively plan and execute tasks with minimal oversight.
A spokesperson for Lloyds Banking Group said: “We’re sorry that some customers experienced an issue viewing transactions in the app for a short time this morning. The issue was quickly resolved and we’re looking into what happened.”
#Lloyds #Banks #tech #disaster