Digital bank Monzo has revealed that almost half a million customers’ accounts may have been affected by a security glitch.
The error has now been fixed, but around one in five of the bank’s 2.6 million customers are being urged to change their PINs.
The security glitch was flagged on Friday August 2, when it was discovered that customer PINs were being copied on to log files which could be accessed by up to 110 unauthorised engineers – despite being encrypted.
Read more of today's stories here
In an email to customers, the bank, which is now valued at £2bn, wrote: “We keep a record of your PIN so we can check you’ve entered it correctly. We store them in a particularly secure part of our systems, and tightly control who in the company can access them.
“On Friday 2nd August, we discovered that we’d also been recording some people’s PINs in a different part of our internal systems (in encrypted log files).
“Engineers at Monzo have access to these log files as part of their job. We’ve deleted any information that we stored in this way, and we’ve released an update to the Monzo app.
“As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo.”
Monzo insists that no parties outside of their organization had access to the PINs, and claims to have no evidence that the data which was exposed has been misused.
Writing in a blog post, the digital bank said: “By 5:25am on Saturday morning, we had released updates to the Monzo apps. Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning.”
The post continued: “The issue affected less than a fifth of UK Monzo customers. If we’ve contacted you to tell you that you’ve been affected, you should head to a cash machine to change your PIN to a new number as a precaution.
“You can do this by putting your Monzo card into the cash machine, entering your old PIN and choosing ‘PIN services’. Then choose ‘Select a new PIN’ and change it to a new number.
“If you think you see anything unusual on your account, please get in touch with us straight away through in-app chat or by ringing the phone number on your debit card.
“If we haven’t emailed you, you haven’t been affected. But you should still update your app to the latest version.”
In a statement to Manchester Evening News , the bank's CEO, Tom Blomfield, said: “We’ve fixed a problem that meant we’d been recording some people’s PINs in a different part of our internal systems (in encrypted log files).
"We’ve deleted the data and done a full review of our systems and are confident this information hasn’t been accessed or used in a fraudulent way. We’ve contacted everyone affected by the issue to let them know that they should update their app and change their PIN.”
If you think you may have been affected or require further advice, you can contact Monzo on 0800 802 1281, or by emailing help@monzo.com.
Follow us on Twitter and Facebook for the latest news. We are on Instagram too. We'll also bring you live updates and notifications of breaking news on the M.E.N. app - download it here .
