Monzo asks customers to change PINs after storage bug discovered


Monzo is asking up to half a million customers to change their PINs after discovering a bug that rendered them accessible to engineers working on the bank's systems.

The security oversight saw customer PINs inadvertently stored in two distinct files in the company's architecture, one of which was open to engineers as part of their job.

The challenger has spent the weekend deleting the files that were stored incorrectly and releasing updates to the Monzo app.

"No one outside Monzo had access to these PINs," says the bank. "We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud.

"Just in case, we’ve messaged everyone that’s been affected to let them know they should change their PIN by going to a cash machine."

The issue affected a fifth of the bank's 2.5 million customers.

Comments: (5)

Alexander Mostowfi - Oracle Corporation - London 05 August, 2019, 17:02 (0 likes)

Assuming I read this correctly, this means 1/5 of Monzo's 2.5M customers now need to change their card PIN via a visit to a cash machine; more importantly, if those customers used the same PIN on multiple cards (as many customers do for convenience) they will need to change their other bank card PINs too.

Craig Lawrance - Starkspur Ltd - Chalfonts 05 August, 2019, 17:38 (2 likes)

Absolutely shocking! Are these guys a Bank or are they just playing at banking?

Robin Setty - ACI Worldwide (EMEA) Limited - Watford 06 August, 2019, 10:08 (1 like)

One of the competitive advantages of the new entrants is that they're under less scrutiny than traditionals. Imagine the noise if this were NatWest or Barclays?

A Finextra member 06 August, 2019, 11:23 (0 likes)

WP: They are indeed a bank, and showing the older ones how transparency works.  Can you guarantee that this has never happened at your bank?  I used to struggle to get hold of mine, let alone hear from them proactively.  Did your bank spot the Ticketmaster fraud and re-issue cards to everyone who'd shopped there, before notifying Ticketmaster, who previously had no idea?  Banking is moving on, which is a good thing.  Who is under less scrutiny?  The rules are all the same, and the customers of these new banks are a lot more active on social media...

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 06 August, 2019, 11:54 (1 like)

According to the common narrative:

Traditional Banks make Customers visit Branches because their UX sucks. 

To that we can now add:

Challenger Banks make Customers visit ATM Machines because their Security sucks.

LOL, I never imagined this is how the "UX versus Security" Holy Grail will be cracked eventually :)