Cyber Incident Victim: Lloyds Banking Group

In early January 2017, Lloyds Banking Group experienced significant disruptions to its online banking services affecting customers of Lloyds Bank, Halifax, and Bank of Scotland. The incident began on the morning of Wednesday, January 11, and persisted intermittently until the afternoon of Friday, January 13. Customers encountered difficulties accessing online accounts, with some completely unable to log in or execute payments during peak disruption periods. Reports from The Financial Times cited unnamed sources attributing the outages to a large-scale distributed denial-of-service (DDoS) attack originating from overseas actors, though no specific threat group or nation-state was identified. The attack reportedly targeted the banking group's internet infrastructure, overwhelming systems with traffic. Notably, TSB Bank—which had separated from Lloyds in 2013 but still shared certain technological dependencies—also experienced parallel service interruptions despite no longer being part of the corporate group.

Lloyds Banking Group acknowledged intermittent service issues but declined to confirm any cyberattack occurred. A company spokesperson stated that normal service was maintained for most customers during the three-day period, with only a "small number" experiencing problems that often resolved upon subsequent login attempts. The bank apologized for inconvenience but explicitly refused to speculate on the root cause. No customer financial losses or data breaches were reported as a direct consequence of the disruptions. Service was fully restored by January 13, with the bank emphasizing operational normality thereafter. The incident highlighted banking sector vulnerability to disruption attacks, though forensic details regarding attack vectors, mitigation measures, or perpetrator identification remained undisclosed by the institution.