Monzo urge customers to change PINs immediately

6 August 2019   By Dr Lucy Brown, Editor

Mobile-only bank warns that some PINs were stored, in encrypted form, in a location some engineers have access to.

While there is no suggestion the data had been misused, Monzo have taken steps to fix the problem by issuing an update to the app.

480,000 UK accounts have been affected by the error, approximately a fifth of all Monzo customers.

The revelation comes after a series of outages last week impacting customer support response, card transactions and accurate balance displays.

What happened to Monzo PINs?

PINs are encrypted by all banks and kept in a secure location where only those with the relevant clearance can access them.

Monzo discovered on 2 August that some customers' PINs were stored in a different part of the system within encrypted log files.

This location was still secure, but Monzo engineers have access to those log files as part of their roles, meaning the PINs were accessible to staff without the necessary clearance.

Monzo have blamed a bug for the information being stored in the wrong location, and they say they have now deleted the information from those encrypted logs.

They also issued updates to the Monzo apps early on Saturday morning, so customers should check they're on the latest versions of the app: iOS 2.59.0 and Android 2.59.1.

As a precautionary measure, all 480,000 customers impacted by the error are being advised to change their PIN using a cash machine.

If you're a Monzo customer and you haven't been contacted, your account hasn't been affected by the breach, but you should still update your app.

Security blunder

As there is no suggestion any of the data was used for nefarious purposes, this error is categorised more as a blunder than a breach.

Monzo have reported themselves to the Information Commissioner's Office as a precaution and are adamant no PINs were accessed by anyone outside of the bank itself.

In comparison to the major hacks and data breaches that regularly hit the headlines, this blunder by Monzo is relatively small - as long as no customers are negatively impacted by it.

However, it was the second piece of bad publicity for Monzo in the space of a week, following a series of outages on 29 and 30 July that impacted daily customer transactions like debit card usage and balance checking.

The issues were speedily resolved and, again, issues like this are often in the news when traditional banks have trouble with their systems.

Growing mobile-only sector

Monzo now have 2.6 million customers in the UK, making it a real challenger to the traditional high street model of banking.

They have started to adopt more of the functions of traditional banks including the launch of a digital ISA in conjunction with OakNorth in April.

They are widely seen as the challenger bank to beat, with new prepaid card provider Viola Black running a publicity campaign with the slogan 'Move Over Monzo' when they first teased their own launch back in January.

With recent forecasts suggesting that mobile banking app usage will overtake traditional in-branch banking by 2021, digital banking systems need to be as secure as possible.

Challengers like Monzo rely more than traditional banks on their reputation for digital security, as there is literally no other way to bank with them.

So, even comparatively small blunders like the PIN issue could prove to be a red flag for some customers, even if no harm was done.
