Nearly half a million mobile customers of Lloyds Banking Group affected by security incident

Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update.

A faulty software update at Lloyds Banking Group exposed transaction details of nearly 450,000 mobile banking users on March 12. The issue caused some customers to see other users’ account activity within the app, prompting the bank to disclose a data security incident affecting current account information.

According to Lloyds Banking Group, transactions were exposed only if users accessed their transaction lists at nearly the same time. A customer would need to view their own transactions within fractions of a second of another user to see or be seen. The faulty update, rolled out on March 12 at 03:28, was fixed by 08:08 and has not recurred. Exposed data could include amounts, dates, payment identifiers, and potentially National Insurance numbers.

“Up to 447,936 Lloyds, Halifax and Bank of Scotland customers saw other people’s transactions or had their data shared with other users during an IT glitch on 12 March, according to a letter published by the Treasury Select Committee,” Lloyds told the UK’s Treasury Committee. “114,182 people clicked on other people’s transactions when they became visible and then may have been shown more detailed information such as account details, national insurance numbers and payment references.”

The banking group reported that some exposed transactions involved payments to non-Lloyds customers. The company pointed out that the account balances remained unaffected, and no unauthorized actions were possible. Customers only saw other users’ data briefly, and the information alone was insufficient to commit fraud. During the incident, 1.67 million of 21.5 million mobile users logged in, with 447,936 experiencing transaction exposure or having their own transactions briefly visible to others.

“In total, £139,000 of compensation has been paid out to 3,625 customers for distress and inconvenience. No customers have, so far, been identified as suffering financial loss,” concludes Lloyds.

“Modern banking methods mean we can now perform a variety of tasks on our phones in a matter of seconds, and almost anywhere,” said Chair of the Treasury Committee, Dame Meg Hillier. “What this incident brings into focus is the fact that there is a trade-off. By moving more interactions with our bank online, we place our faith in technology which can suffer unpredictable errors. It’s critical that consumers understand this, and that’s why my Committee continues to push banks to be transparent when things go wrong.”

Pierluigi Paganini

(SecurityAffairs – hacking, Lloyds)