Monzo has warned its customers to change their PINs immediately after the company identified a security breach in their system.
The British digital bank was forced to apologise after approximately one in five customers (around half a million people) had their bank details compromised.
The company revealed yesterday (August 5) that some PINs (personal identification numbers) had been wrongly stored due to a ‘bug’ in their internal system.
Since the bug was discovered on Friday (August 2), Monzo has released updates to its customers and has since resolved the issue, which meant some people’s PINs had been wrongly stored in encrypted log files visible to the company’s engineers.
The company said in a statement:
We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly… On Friday 2nd August, we discovered that we’d also been recording some people’s PINs in a different part of our internal systems (in encrypted log files).
Engineers at Monzo have access to these log files as part of their job. We’ve deleted the information that we stored in this way. As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo.
The digital bank reassured customers that ‘nobody outside Monzo had access to these PINs,’ but advised those affected to change their PIN ‘just in case’.
They added:
We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud.
Just in case, we’ve messaged everyone that’s been affected to let them know they should change their PIN by going to a cash machine.
The company went on to say that, by 5.25am on Saturday morning, they had released updates to the Monzo apps and then worked to delete the information they had stored incorrectly over the weekend.
If you’ve got a Monzo account but haven’t received any correspondence from them, don’t worry. The bank confirmed if you haven’t received an email from them, your account wasn’t affected.
Even so, they advised everyone with an account to update the app to the latest version to fix any previous bugs in the system. And those of you that were affected should head to your nearest cash machine to change your PIN to a new number – just as a precaution.
The bank, which was founded in 2015 and quickly became popular for its mobile-only approach, ended by saying they were ‘really sorry’ about the breach and urging their customers to get in touch if they have any questions or concerns.
If you have a story you want to tell send it to UNILAD via [email protected]
A Broadcast Journalism Masters graduate who went on to achieve an NCTJ level 3 Diploma in Journalism, Lucy has done stints at ITV, BBC Inside Out and Key 103. While working as a journalist for UNILAD, Lucy has reported on breaking news stories while also writing features about mental health, cervical screening awareness, and Little Mix (who she is unapologetically obsessed with).