Skip to main contentSkip to navigationSkip to navigation
Print subscriptions
Sign in
Search jobs
Search
The Guardian - Back to homeThe Guardian
Monzo Bank’s app icon.
Monzo Bank’s app icon. The digital bank says it has now corrected a bug that could have exposed the pins of some of its customers to unauthorised staff. Photograph: Alamy
Monzo Bank’s app icon. The digital bank says it has now corrected a bug that could have exposed the pins of some of its customers to unauthorised staff. Photograph: Alamy

Monzo urges 480,000 customers to change their pin numbers

This article is more than 4 years old

Digital bank says ‘bug’ meant unauthorised staff had access to numbers for six months

The digital bank Monzo has urged nearly 480,000 customers to change their pins after it left banking information exposed to unauthorised staff for six months.

The bank, which is now valued at £2bn, said it usually stored pin records in a “particularly secure” part of its internal system where it could tightly control which staff members could access them. But on Friday, the bank discovered that pins were also being copied on to log files, that while encrypted, could be accessed by about 110 unauthorised engineers.

The Guardian understands that pins were mis-stored for up to six months, and that the situation has since been reported to the Information Commissioner’s Office as a precaution.

About one in five of the bank’s 2.6 million customers, or around 480,000 UK accounts, have been affected.

Monzo pushed ahead with an app upgrade early on Saturday morning after discovering the flaw, and worked throughout the weekend to delete the information it had incorrectly stored. That process was completed on Monday.

Monzo insisted that no one outside the bank had access to the pins and said it had no evidence suggesting the data was misused.

“We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud,” Monzo said in a blogpost.

“Just in case, we’ve messaged everyone that’s been affected to let them know they should change their pin by going to a cash machine.”

The bank also sent emails to potentially affected customers on Monday, apologising for having mismanaged the sensitive data.

While the issue is said to have been resolved, it is one of the worst IT problems to hit the app-only bank since its launch in 2015.

Sign up to the daily Business Today email or follow Guardian Business on Twitter at @BusinessDesk

Last week Monzo was affected by a temporary outage that meant some card purchases were failing to go through. Others were unable to login or receive bank transfers.

The brand, known for its hot coral pink cards, is particularly popular among millennials in the south-east but is quickly spreading across the UK. With plans to expand to the US its chief executive, Tom Blomfield, expects the bank to grow to 3 million customers in a matter of months.

Blomfield’s growth plans have been fuelled by a fresh round of funding announced in June, which helped Monzo double in value to £2bn.

Explore more on these topics
Share
Reuse this content

More on this story

More on this story

  • Monzo to clinch extra £350m from investors before expected listing

  • TSB reimbursed 15 times more customers’ fraud losses than Monzo in 2022

  • Jeremy Hunt reveals he was refused Monzo bank account

  • Monzo under investigation by FCA over anti-money laundering rules

  • Monzo closes premium packaged account to new customers

  • Smartphone-only bank Monzo eyes billion-pound valuation

  • Monzo? It might just be the future of banking

  • Contactless means your car keys are the debit card of the future

  • A free railcard or a £2,000 overdraft? How to pick the best student account

  • Getting to grips with a £32,220 student debt – and how you can lighten the load

Most viewed

Most viewed