"Between 03:28 and 08:08 that morning, customers logging into the apps could end up seeing fragments of other people's account activity if they accessed their transaction lists at almost exactly the same moment as another user."
"Lloyds says no one could move money or access accounts, but users were able to see transaction amounts, dates, and payment references, which can include personal identifiers."
"Out of 21.5 million mobile banking users, 1.67 million logged in during the affected window. Lloyds said as many as 447,936 customers may have been exposed to other people's transaction lists."
"In some cases, the transaction information visible may have related to individuals who are not Lloyds Banking Group customers, for example in an instance where a payment was made from a Lloyds Banking Group customer account to an account holder at another bank."
A software update at Lloyds Banking Group caused a glitch that exposed transaction details of up to 447,000 customers. The issue arose from an IT change made overnight on March 11-12, leading to a defect in the API. Customers could see fragments of other users' account activity between 03:28 and 08:08. While no money could be moved, users accessed transaction amounts and personal identifiers. Lloyds acknowledged the incident and is compensating affected users, with some transaction information potentially relating to non-customers as well.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]