🔥 Get Your $1000 Gift Card Instantly! 🔥
🎉 1 out of 4 wins! Claim your $1000 gift card in just 1 minute! ⏳
💎 Claim Now 🎁 Get $1000 Amazon Gift Card Now! 🎯
Lloyds apologises for sending customer other retail investors’ statements
Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Lloyds Banking Group has apologised after mistakenly sending a customer hundreds of pages of information about other clients’ investments.
The customer of its retail investing business, Lloyds Bank Direct Investment, received a package sent to his home address via first-class post in December which contained bank statements showing the names, addresses and portfolio movements of a dozen other clients.
The package also contained information about his own portfolio. Most of the documents tracked the movements of others’ investments over time, and included one portfolio worth more than £5mn.
The apology from Lloyds came after the customer who received the package lodged a complaint with the bank about the data breach.
In an email to the customer, a representative of a Leeds branch of Lloyds said the incident had happened due to “human error”.
“Prior to sending out our quarterly statements, we conduct an internal statement run to ensure accuracy. This process involves randomly selecting a number of Lloyds Bank Direct Investment customers, printing their statements and reviewing them internally,” the email said.
“Unfortunately, when the package was received in our office, a member of staff opened it and found your statement on top. They mistakenly posted the entire package to your address without following the correct procedure,” the Lloyds employee added.
The representative also said that a breach of the UK’s data protection rules “has been raised to investigate this incident thoroughly”. Personal data breaches that meet the threshold for reporting have to be notified to the Information Commissioner’s Office, the UK’s privacy watchdog, without undue delay, and within 72 hours of the breach being discovered.
The customer who received the package also reported the data breach to the ICO. Lloyds did not confirm whether it had reported the breach.
In the same email, Lloyds offered to pay the customer £300 in compensation for the “distress and inconvenience” caused, which it said would be “in full and final settlement” of the complaint.
Lloyds told the Financial Times: “We take our data protection responsibilities seriously and are sorry that one customer also received some other customers’ statements in the post due to human error.
“Our process was changed in December last year when this took place to ensure this doesn’t happen again.”
A person familiar with Lloyds’ approach said that affected customers were being contacted to inform them that their data had been breached. Lloyds did not confirm whether it had proactively contacted them before the FT contacted the bank about the breach.
The ICO has the power to investigate complaints, reprimand companies and issue fines.
In 2013, it issued a £75,000 fine to the Lloyds-owned Bank of Scotland after it found that the lender had repeatedly sent faxes that included customer details to the wrong recipients.
Unlike data that includes information about characteristics including race, ethnic origin, genetics, religion and sexual orientation, financial data is not automatically classified as sensitive or “special category” data under UK data protection rules.
