Customers of Lloyds Bank, Halifax, and Bank of Scotland woke up to a shock on March 12, 2026, as a technical glitch in the banks’ mobile and online apps revealed strangers’ account details, transactions, and even sensitive information like National Insurance numbers. The incident, which lasted for a short but alarming period in the morning, has triggered investigations by both the banks and the UK’s financial regulators, and left millions questioning the security of their digital banking experience.
The trouble began early Thursday, when users logging into the apps of Lloyds, Halifax, and Bank of Scotland—three of the UK’s largest and most trusted banking brands, all owned by Lloyds Banking Group—found themselves staring at unfamiliar payments, names, and spending histories. Some customers, like Helen Jermy, were stunned to see “loads of transactions” they didn’t recognize. “At one point, I had over a million pounds showing as paid in,” Jermy told BBC News, a sum far beyond her usual balance. For others, the breach went beyond simple confusion, exposing details that could be used for fraud or identity theft.
One woman, who preferred not to be named, described a surreal experience on the Bank of Scotland app. Over a 20-minute period, she saw the accounts of six different users, including transactions from a pub in Newcastle—154 miles from her home in Kirkcaldy, Fife—fees for overseas card use, wage payments from a company in England, and even benefits payments from the Department for Work and Pensions (DWP). These DWP payments included the recipients’ National Insurance numbers as payment references, a detail that raised the stakes considerably. “I kept logging out and back in, and every time the details changed,” she explained to BBC News. “I can see another person’s bank account, he got paid £6,000 yesterday. Others, I can see their benefits payments, their National Insurance numbers, I can see where they work, almost their whole identity.”
Social media platforms, especially X (formerly Twitter), quickly filled with anxious posts. One Bank of Scotland customer wrote, “Serious problems with your mobile app today I am getting other people’s bank account spending appearing on my account and then disappearing! I can’t access your fraud service to inform anyone sort it out! I have taken pictures to prove it.” Another frustrated user said, “Four times I have logged out and back in again, and I am getting different people’s transactions each time. This is not acceptable.”
For Carl Lewis, a Lloyds Bank customer, the glitch was more than an inconvenience—it was a violation of trust. “It was the full history of the account that I could stroll through month by month, including direct debits to the DVLA where the car registration number is shown,” he recounted to the BBC. “This made me very concerned about the safety of my details.”
Downdetector, a website that tracks outages, saw a sharp spike in reports of problems with the Halifax and Lloyds apps between 7:00 and 9:00 a.m., and a smaller surge for Bank of Scotland. Hundreds of complaints poured in, with customers describing issues ranging from unfamiliar transactions to being unable to access their own accounts. The situation was reminiscent of previous outages; in January and February 2025, the same group’s apps suffered technical difficulties on payday, affecting about 700,000 customers, some of whom were locked out for hours.
Lloyds Banking Group, which serves 26 million customers and is the UK’s largest retail and commercial banking provider, moved quickly to reassure the public. “We’re sorry that some customers experienced an issue viewing transactions in the app for a short time this morning. The issue was quickly resolved, and we’re looking into what happened,” a spokesperson said in a statement echoed across news outlets and social media. On X, the Lloyds Bank account responded directly to worried users: “This morning we incorrectly showed transaction information from some accounts to other customers in Internet Banking and the mobile app. We’re sorry this happened. This issue was quickly identified and resolved.”
Despite the bank’s assurances that “nobody had access to your accounts” and that balances remained accurate, the brief exposure of personal data—including names, sort codes, and spending histories dating back to December 2025—sparked widespread privacy concerns. Some customers found that logging out and back in fixed the issue, but others continued to face problems as investigations unfolded.
The seriousness of the incident was not lost on regulators. The Information Commissioner’s Office (ICO), the UK’s data watchdog, confirmed it was aware of the breach. “We are aware of an incident affecting some online banking services and we will be making enquiries,” a spokesperson told the press. The Financial Conduct Authority (FCA), responsible for overseeing the conduct of financial firms, also weighed in: “We’re in contact with Lloyds Banking Group to understand what’s happened and how it’s being resolved. We expect firms to protect customer data and be able to respond to and quickly recover from disruptions.”
For many, the most unsettling aspect was the nature of the glitch itself. Markos Zachariadis, professor of financial technology and information systems at the University of Manchester, described the event to BBC News as “unusual,” suggesting that as digital banking becomes more sophisticated and data architectures more complex, such issues could become more frequent. “As data openness becomes greater and more complex architectures arise, such issues can become even greater,” he warned.
While Lloyds Banking Group has not disclosed exactly how many customers were affected, nor whether it has formally notified the ICO or other regulators, it has pledged to review the incident thoroughly to prevent a recurrence. “Protecting our customers’ personal information and account security remains our priority,” the group stated, emphasizing its commitment to robust digital safeguards.
This is not the first time the group has faced scrutiny over its digital infrastructure. The 2025 payday outages, which left hundreds of thousands unable to access their accounts or view transactions, prompted calls from consumer groups and officials for stronger resilience in the UK’s banking systems. Those earlier glitches, however, did not involve the exposure of other people’s financial information—a key distinction that has made the latest incident especially troubling for customers and privacy advocates alike.
In the aftermath, some customers remain skeptical of the explanations provided. As one user put it bluntly on social media, “Lloyds’ explanation for the problems didn’t wash with some users.” The episode has left a lingering sense of unease, with many now wondering whether the convenience of digital banking is worth the risk of rare—but very real—errors that can upend both privacy and trust.
As the investigation continues and the bank works to regain customer confidence, the incident stands as a stark reminder: even the most established institutions are not immune to the pitfalls of modern technology, and the protection of personal data must remain at the forefront of the digital banking revolution.