After basking in the glow of exposing the Ticketmaster data breach last week, digital challenger bank Monzo has itself become the victim of a data leakage that saw the personal details of some 20,000 customers lifted from third party survey firm Typeform.
Monzo generated plenty of favourable news print last week for its role in first spotting a spike in fraud on Ticketmaster customer accounts back in April, some three months before the breach that affected the payment card details of 40,000 people was officially confirmed by the live events site.
The Monzo blog this week makes for more prosaic reading, with the company now reporting on its own victimisation at the hands of cyber crooks. On this occasion, the vast majority of the 20,000 customers affected had just their e-mail addresses exposed, although a smaller number also had additional information, such as postcodes, and names of previous banks stolen.
Monzo says the attackers found a weakness in Typeform's security, gaining access to data backups for surveys conducted before 3 May 2018.
"At the moment, we’re focused on letting affected customers know what’s happening, and we’re informing the Information Commissioner’s Office as soon as possible," says CEO Tom Blomfield. "We’re also ending our contract with Typeform, at least until they can prove they’ve improved their security, and have deleted all customer data from their servers. In future, to reduce the chance of similar incidents, we’ll remove all survey data from any provider within two months of the survey."
Blomfield's week is turning out to be quite, well, challenging, as the company also reported a four-fold increase in losses to £33.1 million. While the number of user soared to 750,000, customer deposits stood at just £71.2 million, equating to less than £150 per account.