Breaking news: UK bank apps show customers other users’ transactions
Customers using mobile banking apps from Lloyds, Halifax and Bank of Scotland were able to see other people’s banking transactions due to a technical glitch, raising serious concerns about personal data protection.
The incident occurred on the morning of 12 March 2026, when users reported that transactions appearing in their banking apps did not belong to them. Instead, they were shown payment details and financial activity associated with other customers’ accounts. The bank group said the problem was quickly identified and resolved, but an investigation is now underway to determine what caused the failure.
Customers report seeing other people’s financial information
Several users said they could view transactions linked to strangers, including salary payments, benefit payments, and everyday spending. In some cases, sensitive personal data such as National Insurance numbers and payment references were visible within the transaction details.
One customer reported being able to view the accounts of six different individuals over a 20-minute period, highlighting the scale of the potential exposure.
Although it seems that customers did not gain access to other accounts directly, the visibility of other people’s transaction data still raises significant privacy and security concerns.
Why this incident qualifies as a data breach
Under UK data protection law, a personal data breach occurs when personal information is accidentally disclosed, accessed, or made visible to unauthorised individuals.
Financial transaction data revealing spending habits, income, employer information, and government payments was shown to other customers without permission as well as NI numbers. This unauthorised disclosure of personal data is a personal data breach.
Regulatory oversight and investigation
A spokesperson for the data regulator, the Information Commissioner’s Office (ICO) said: “We are aware of an incident affecting some online banking services and we will be making enquiries.” This will likely cover how the fault occurred and whether the bank group complied with its data protection obligations. The bank will be required to demonstrate that it had appropriate technical and organisational measures in place to prevent such incidents.
What customers should do
Customers who believe their personal information may have been exposed should:
- Monitor their accounts for unusual activity
- Report concerns directly to their bank
- Consider raising a complaint if they believe their personal data has been mishandled
- Contact the ICO if they are not satisfied with the organisation’s response