The company stressed that at no point did any customer have full access to another account, and said it had not identified any loss suffered by any customer. It said it had notified all the relevant financial authorities, as well as the UK Information Commissioner’s Office, which regulates data privacy, and was fully co-operating with any further enquiries.
The bank said that of the 21.6 million users of its mobile app, 447,936 may have been presented with another user’s transactions, or had their transactions presented to another user, and of those 114,182 customers may have clicked to view details of a transaction during the incident and thus may have been presented with details of someone else’s transactions.
