Lloyds Bank Blames Faulty API Code Design for Exposing Financial Data to 447,000 App Users

Lloyds Bank reveals how a faulty API update exposed transaction details of 447,000 customers. Read the full report on the design defect and bank's response.

By: AXL Media

Published: Apr 2, 2026, 9:18 AM EDT

Source: Information for this report was sourced from CSO Online


The Technical Genesis of the Synchronization Error

Lloyds Banking Group has identified the specific technical failure that resulted in a widespread breach of customer privacy on March 12. In a detailed correspondence with the UK Parliament’s Treasury Committee, the institution explained that an overnight IT modification inadvertently created a synchronization defect. This glitch allowed two customers accessing their mobile applications at the exact same moment to gain visibility into each other’s financial records. The bank localized the fault to the design of the code used to update its Application Programming Interface (API), which serves as the critical bridge between the user interface and the bank's core data.
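The report does not publish the defective code, so the following is an added illustration written for this page, not Lloyds' code and not a reconstruction of it. It shows the general class of synchronization defect the bank describes: an API layer that parks the authenticated customer's identity in state shared by all in-flight requests, so two requests arriving at the same moment interleave between "authenticate" and "read" and one customer is served the other's transaction history. The request-scoped version beside it keeps identity with the request, and `cross_customer_exposures` is the kind of invariant check a test suite should run against any account-data endpoint. Customer ids, the `session:<id>` token format, the ledger entries and the `Barrier` test hook are all constructed for the example.

```python
"""Added illustration (not Lloyds' code) of a shared-state synchronization
defect in an API layer, the request-scoped design that prevents it, and a
check that catches cross-customer exposure. All data below is constructed."""
import threading

# Constructed sample ledger keyed by customer id.
LEDGER = {
    "cust-A": ["2026-03-12 COFFEE SHOP -3.20", "2026-03-12 RENT -950.00"],
    "cust-B": ["2026-03-12 SALARY +2400.00"],
}


def customer_from_token(session_token):
    """Hypothetical token format 'session:<customer-id>'; a real system
    would validate a signed session token here."""
    return session_token.split(":", 1)[1]


class SharedStateApi:
    """Defective design: the authenticated customer id is written to a field
    shared by every in-flight request, so two requests can interleave between
    the authenticate step and the read step."""

    def __init__(self, barrier=None):
        self.current_customer = None   # shared mutable state (the defect)
        self.barrier = barrier         # test hook forcing the interleaving

    def handle(self, session_token):
        self.current_customer = customer_from_token(session_token)
        if self.barrier is not None:
            self.barrier.wait()        # both requests finish auth before either reads
        return list(LEDGER[self.current_customer])


class RequestScopedApi:
    """Corrected design: identity travels with the request as a local value,
    never through shared mutable state, so concurrent requests cannot cross."""

    def __init__(self, barrier=None):
        self.barrier = barrier

    def handle(self, session_token):
        customer = customer_from_token(session_token)  # local to this request
        if self.barrier is not None:
            self.barrier.wait()
        return list(LEDGER[customer])


def run_concurrently(api_cls, customers=("cust-A", "cust-B")):
    """Issue one request per customer at the same moment; return what each saw."""
    barrier = threading.Barrier(len(customers))
    api = api_cls(barrier)
    results = {}

    def worker(cust):
        results[cust] = api.handle(f"session:{cust}")

    threads = [threading.Thread(target=worker, args=(c,)) for c in customers]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def cross_customer_exposures(results):
    """Invariant every account-data API must satisfy: each record shown to a
    customer comes from that customer's own ledger. Returns the ids of
    customers who were shown someone else's data."""
    return sorted(c for c, rows in results.items() if rows != LEDGER[c])


if __name__ == "__main__":
    print("shared state :", cross_customer_exposures(run_concurrently(SharedStateApi)))
    print("request scope:", cross_customer_exposures(run_concurrently(RequestScopedApi)))
```

With the barrier in place the interleaving is forced every run, so the shared-state design always serves both customers the same ledger and exactly one of them is exposed, while the request-scoped design exposes nobody. In production the same race would be intermittent, which is why the invariant check belongs in a concurrency test rather than only in manual review.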

The Scale of Potential Data Exposure

The magnitude of the incident is clarified by the bank’s internal audit of its 21.6 million mobile application users. According to the report, 447,936 individuals may have been presented with transaction data that did not belong to them, or conversely, had their own personal financial history displayed to another user. Of that group, the bank estimates that 114,182 customers actively clicked to view specific transaction details during the window of the glitch. While the exposure was significant in terms of volume, the bank has maintained that the nature of the view was limited to transaction history rather than full account control.

Institutional Response and Regulatory Compliance

Following the discovery of the API defect, Lloyds Banking Group stated that it immediately notified the relevant financial authorities to ensure transparency. This includes formal reports to the UK Information Commissioner’s Office (ICO), which oversees data privacy and protection regulations. The bank’s leadership has emphasized their full cooperation with ongoing inquiries and noted that the technical issue was contained shortly after it was identified. By engaging directly with the Treasury Committee, the bank is attempting to mitigate the reputational fallout from what is being characterized as a fundamental design error in its digital infrastructure.
