Lloyds Bank customers have been urged to be vigilant after a major technical glitch recently where people could see other people’s account details. In a worrying widespread error, a string of customers accessing their account online reported seeing other people’s account numbers, balances and transactions.

Now bank customers have been urged to think over their own cybersecurity and be careful if they are contacted out of the blue. Customers with Lloyds Bank, Halifax and Bank of Scotland, all part of the Lloyds Banking Group, shared experiences of seeing other people’s details on the morning of Thursday, March 12.

Financial expert Martin Lewis spoke about the major incident on his BBC podcast, which he said was “clearly a breach of data privacy”. In an update posted on social media after the incident, Lloyds said: “On 12 March, a limited number of customers using our app may have briefly seen transactions that weren’t theirs due to an internal IT change.

“We’re very sorry this happened. No action is needed and there was no account security issue. We’ve identified the affected customers and will contact them to provide further information.”

Incorrect transactions

In a response one particular customer, Lloyds provided more details about what had happened. The group said: “On 12 March some customers logged in between 3:30am–8:08am briefly saw incorrect transactions due to an internal change.

“It was fixed quickly and no one had access to anyone else’s account. If you’d like us to check, please message us 24/7 in the app.” Andy Pickett, chief technology officer at comparison site The Business Hub, said: “While it hasn’t officially been confirmed as a breach yet, it likely will be.

“This is quite an unusual situation at this scale for a bank. While identity fraud and cyber attacks typically come from external sources, banks are usually very methodical in their app and online platform development.” He said this incident is “on a larger scale” than you would expect from a bank.

Never do this

Lloyds customers may be worried about how secure their accounts and personal details are given this major mistake by the provider. Mr Pickett encouraged people to think about their wider online security.

He said: “Customers still remain the biggest target when it comes to fraud and scams. Since this cybersecurity risk lies with the bank, the only thing the public can do is take precautions themselves.”

The tech expert had some words of caution here. He said: “You should never continue a phone conversation if contacted directly by a bank or lender. Instead, you should hang up and call back using the official number listed on the bank’s website.

“AI-driven phone calls, video impersonation, and voice cloning are the latest wave of attacks, so it’s critical that people stay informed and share knowledge of these threats.”

There are always risks

Mr Pickett said this incident is surprising given that FCA regulations (Financial Conduct Authority) mean banks have to follow strict guidelines when making changes, to avoid issues such as this. But unfortunately, whenever a bank provider makes any changes to its systems, it does come with risks.

Mr Pickett said: “Change is required to move technology forward and, importantly, to stay ahead of cyber threats. However, no matter how strong the process, change inevitably introduces elements of the unknown. Strict change control practices can significantly reduce risk, but they can never eliminate it entirely.”