From data security darling to cyber fall guy, Monzo experiences a breach of its own

From data security darling to cyber fall guy, Monzo experiences a breach of its own

After basking in the glow of exposing the Ticketmaster data breach last week, digital challenger bank Monzo has itself become the victim of a data leakage that saw the personal details of some 20,000 customers lifted from third party survey firm Typeform.

Monzo generated plenty of favourable news print last week for its role in first spotting a spike in fraud on Ticketmaster customer accounts back in April, some three months before the breach that affected the payment card details of 40,000 people was officially confirmed by the live events site.

The Monzo blog this week makes for more prosaic reading, with the company now reporting on its own victimisation at the hands of cyber crooks. On this occasion, the vast majority of the 20,000 customers affected had just their e-mail addresses exposed, although a smaller number also had additional information, such as postcodes, and names of previous banks stolen.

Monzo says the attackers found a weakness in Typeform's security, gaining access to data backups for surveys conducted before 3 May 2018.

"At the moment, we’re focused on letting affected customers know what’s happening, and we’re informing the Information Commissioner’s Office as soon as possible," says CEO Tom Blomfield. "We’re also ending our contract with Typeform, at least until they can prove they’ve improved their security, and have deleted all customer data from their servers. In future, to reduce the chance of similar incidents, we’ll remove all survey data from any provider within two months of the survey."

Blomfield's week is turning out to be quite, well, challenging, as the company also reported a four-fold increase in losses to £33.1 million. While the number of user soared to 750,000, customer deposits stood at just £71.2 million, equating to less than £150 per account.

Comments: (2)

A Finextra member
A Finextra member 03 July, 2018, 09:22Be the first to give this comment the thumbs up 0 likes

WP: Wow - that is one of the more sensationalist headlines I've seen on here!  A survey company used by a bank for non-financial surveys gets hacked (Monzo wasn't the only customer I heard from yesterday, but they did have the best comms), and you make it sound like Monzo itself was hacked!  Very poor journalism.  Also - to your last point, why would people store large amounts in current accounts, unless they had to as part of a package?  I had thought a large percentage of Monzo users may still be just using it abroad, so an average of £150 is actually quite high.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 03 July, 2018, 19:22Be the first to give this comment the thumbs up 0 likes

I find the headline totally accurate. According to the article, Monzo is the victim of somebody else's fault. Which is exactly what "fall guy" in the headline conveys. For a bank to make money off of current account, it has to make customers store more money, whether customer would need / want to or not. That's Banking 101. If Monzo hasn't managed to do that, it does face a huge challenge and that's what the article says.