Monzo leaves almost half a million customers' PINs readable

Monzo has advised almost half a million customers to change their card PIN after uncovering a potential security flaw. The digital bank said it had incorrectly stored around 480,000 customer PINs where they could be accessed by internal engineers.

Monzo said it had checked all of the accounts affected by the error and “confirmed the information hasn’t been used to commit fraud”.

The bank referred the mishandling of customer data to the Information Commissioner’s Office, the UK data regulator, after discovering the problem last Friday.

The ICO said:

“We are aware of an incident involving Monzo and we will be assessing the matter.”

In a statement to customers, Monzo said that it stored PINs in a secure part of its system. But it said it had discovered it had also been storing them in a different place, in files that were encrypted but could be decrypted and accessed by its engineers.

“We’ve deleted the information we stored in this way,” the company said.

“As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo.”

The company advised anyone affected to update their phone app and change their PIN by visiting a cash machine, adding:

“We’re really sorry about this.”

“If you think you see anything unusual on your account, please get in touch with us straight away through in-app chat or by ringing the phone number on your debit card.”

The Financial Conduct Authority said it was “aware of the issue” but declined to comment further.