The chair of the Treasury Committee of MPs has written to Lloyds Banking Group boss demanding more information about an “alarming breach of confidentiality”.
On the morning of March 12, some users of the banking group’s current accounts were able to see the financial transactions of strangers when they opened their banking apps. Users of the group’s Halifax, Bank of Scotland and Lloyds Bank apps reported the problems – and while the bank apologised, it did little to explain what went wrong.
At the time, the bank said in a statement: “We’re sorry that some customers experienced an issue viewing transactions in the app for a short time this morning. The issue was quickly resolved and we’re looking into what happened.”
Data breach
Responding to MoneySavingExpert.com (MSE) founder Martin Lewis on Twitter, one user said: “My dad opened the Lloyds Bank app with facial recognition. It showed all details for a lady from incomings, outgoings & account number. Having worked in a building society, this is not just a ‘simple glitch’ as they are trying to tell everyone. This is a bit more serious!”
Another said: “Lloyds app this morning. Saw transactions I didn’t recognise – incoming/outgoing with shop names and recipient/sender names, card transaction locations, amounts, last 4 digits of the card used, direct debits and their reference numbers. No account holder name though.”
Meg Hillier MP, the chair of the Treasury Committee has written to the bank’s CEO Charlie Nunn about the problem experienced by its customers last week. She wrote in the letter: “On the face of it, this is an alarming breach of data confidentiality. In the interests of transparency, I would welcome a set of responses from Lloyds Banking Group related to this troubling incident.”
On behalf of MPs, she requested an overview of the incident, how many people were impacted, more details about the banking channels affected, and a description of the information that has been incorrectly presented to people other than the correct account holder.
She also asked whether it is possible to identify those whose information has been incorrectly passed on to others, and, if so, how the bank will communicate with them. “What steps are you are taking to encourage those who may have taken copies of data to which they were not entitled to delete it?” she added.
Hillier asked for details of how much compensation the bank has paid related to the incident and whether it will be “proactive in providing compensation to those who may at present not know they have been a victim of this data breach”.
She demanded to know when Lloyds Banking Group first informed the Financial Conduct Authority and the Information Commissioner’s Office about this breach and what the initial explanation was.
Banks under spotlight
MPs on the Treasury Committee are watching closely. Following a major outage at Barclays Bank in January 2025, they demanded that banks come clean about access issues.
MPs set questions for the UK’s nine biggest banks, including Lloyds. Bank bosses were asked to provide an overview of the number of instances and the amount of time in total that services have been unavailable to customers due to IT failure over the past two years; how many customers have been affected; the amount of compensation that has been paid to their customers; and a description of the reason for the failures. The letters to the bank CEOs can be read here.
Data received from banks by MPs on the Treasury Committee revealed at least 158 banking IT failures between January 2023 and February 2025, equating to more than 800 hours of service unavailability. Barclays Bank reported the most incidents, at 33; followed by Allied Irish Bank, HSBC and Santander, with 32 each. Nationwide Building Society reported 18 outages, NatWest 13 and Lloyds Bank 12. In single figures were Allied Irish Bank, with nine; Danske, with five; and Bank of Ireland, with four.
