Monzo discloses PIN security oversight

Monzo has disclosed a security oversight that saw nearly 480,000 customer PINs stored incorrectly within its internal systems.

The bug was discovered on Friday by one of Monzo’s security engineers. It meant that some customers’ PINs were also being written to encrypted log files accessible to around 100 staff who were not authorised to see them.

Although an audit did not find any fraud as a result, the digital challenger bank emailed around one in five of its 2.6 million customers to inform them and advise that they should change their PIN.

In a blog post, Monzo explained that it keeps a record of PINs in order to check customers entered them correctly.

“We store them in a particularly secure part of our systems, and tightly control who at Monzo can access them.

“On Friday 2nd August, we discovered that we’d also been recording some people’s PINs in a different part of our internal systems (in encrypted log files). Engineers at Monzo have access to these log files as part of their job.”

Monzo said it has since deleted the PIN information that was stored in this way, and by Saturday morning, it had released updates to the app.

“Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning,” added the statement.
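The failure mode described above is a secret that is handled correctly in one store but also written, as a side effect, into general log files. The following is an added example, not Monzo’s code: a Python `logging` filter that scrubs PIN-like fields from a record’s message, its format arguments and any `extra` payload before a handler can write them. The key names other than `pin`, the `scrub` helper and the sample values are assumptions made for the example.

```python
import logging
import re

# Field names that must never reach a log sink. "pin" is the field at issue in
# the incident above; the other names are assumed for a typical auth service.
SENSITIVE_KEYS = {"pin", "password", "passcode", "otp"}
MASK = "[REDACTED]"

# Catches free-text fragments such as pin=1234, pin: 1234 or "pin": "1234".
_INLINE = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")\b([\"']?\s*[:=]\s*[\"']?)([^\s\"',}]+)"
)


def redact_text(text: str) -> str:
    """Replace the value that follows any sensitive key inside a string."""
    return _INLINE.sub(lambda m: f"{m.group(1)}{m.group(2)}{MASK}", text)


def redact_value(value):
    """Recursively scrub strings, dicts, lists and tuples (structured payloads)."""
    if isinstance(value, str):
        return redact_text(value)
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else redact_value(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(redact_value(v) for v in value)
    return value


class SecretRedactingFilter(logging.Filter):
    """Scrub msg, %-args and 'extra' attributes before any handler formats them."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_value(record.msg)
        if record.args:
            record.args = redact_value(record.args)
        for key in list(vars(record)):  # includes attributes passed via extra={...}
            if key.lower() in SENSITIVE_KEYS:
                setattr(record, key, MASK)
            elif isinstance(getattr(record, key), (dict, list)):
                setattr(record, key, redact_value(getattr(record, key)))
        return True


def scrub(msg, *args, **extra):
    """Build a record as logging would, run the filter, return (message, extra attrs)."""
    record = logging.LogRecord("pin-verify", logging.INFO, __file__, 0, msg, args, None)
    for key, value in extra.items():
        setattr(record, key, value)
    SecretRedactingFilter().filter(record)
    return record.getMessage(), {key: getattr(record, key) for key in extra}
```

Attach the filter to every handler (`handler.addFilter(SecretRedactingFilter())`) rather than to one logger, so records from any module are scrubbed before they reach a file or a shipping agent.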
