Lloyds replacing some debit cards after cyber-attacks

  • Published
A Lloyds credit card tapped on an Oyster Card readerImage source, Getty Images

Lloyds Banking Group has confirmed it is reissuing debit cards to customers affected by cyber-attacks on Ticketmaster and British Airways.

The bank has reissued debit cards to all customers that have made purchases on Ticketmaster's website.

It is also working with BA to establish which customers have had their details compromised during two cyber-attacks.

Lloyds said it had a "range of approaches" designed to protect customers from fraud.

A Lloyds Banking Group representative told the BBC: "In all cases, we take all possible steps to minimise time without a card."

In the case of debit cards, the bank immediately issues a new card if it detects fraud.

But when it comes to credit cards, Lloyds first writes to customers telling them that it intends to reissue their cards, and customers are given the option to opt out.

Lloyds said it had already written to customers affected by the Ticketmaster breach, which made up about 1% of all credit card customers.

Barclays Bank has confirmed that in the event of a data breach, it would replace the debit cards of customers who may have been affected as a precautionary measure.

A representative for HSBC told the BBC: "Protecting our customers and their money is an absolute priority for us, which is why we have put in place additional monitoring on cards that may have been affected by recent issues, but we are happy to replace a customer's card if that is their preference."

The BBC has contacted RBS for comment, and is waiting for a response.


In September and October, BA revealed that two cyber-attacks had been carried out on its website.

After the first attack, BA owner IAG revealed in a stock exchange announcement that 185,000 people had had payment card details stolen, with 77,000 customers having their name, address, email address and detailed payment information taken.

However, it did not reveal details of how many people had been affected by the second attack.

In June, Ticketmaster admitted that it had suffered a security breach to its website that affected up to 40,000 UK customers who purchased or attempted to purchase tickets between February and 23 June 2018.