A technical error at the heart of the Lloyds Banking Group’s mobile platform recently allowed customers to peek into the private financial lives of others. Users of the group’s three main brands—Lloyds, Halifax, and Bank of Scotland—reported a bizarre “account swapping” phenomenon within their banking apps. The incident has been characterized as one of the most significant accidental data leaks in recent memory.
Details emerged of users seeing granular data, including the exact amounts of benefit payments and specific names of transaction recipients. One user reported being able to see the sort codes and account numbers for dozens of people they did not know. Such a breach of confidentiality is a major concern for the Information Commissioner’s Office, which is now investigating.
The bank’s parent company was quick to state that the glitch had been “resolved” and that the system was back to normal. However, the 72-hour reporting window for data breaches means the full scale of the disaster is still being tallied. Investigators will look at whether encryption protocols were bypassed or whether a server-side error misrouted user data packets.
This failure is part of a larger trend of technical instability among UK lenders. In early 2025, similar “payday” glitches caused chaos for millions of workers trying to access their wages. These incidents highlight a growing gap between the convenience of modern banking and the reliability of the underlying technology.
As the high street continues to lose physical bank branches, the pressure on these mobile platforms will only increase. The ICO’s inquiry will serve as a test case for how regulators handle large-scale “accidental” data exposures in the financial sector. Customers are currently waiting for further clarity on whether their specific data was among the data leaked.
