Challenger bank Monzo has told some of its users to change their PIN immediately following a security issue that could have left customer accounts compromised.
The company has emailed 480,000 customers (around a fifth of its total user base) to tell them to update their mobile app and change PIN number after it discovered the flaw over the weekend.
A storage issue meant that PIN details, wich are taken whenever a user makes a payment on their Monzo account, were being copied and recorded onto log files in a different part of the company's internal systems to the usual process.
- How Apple Card, Revolut, Monzo and Starling signal the future of banking
- How to transfer money to your friends and family
- Our helpful guide on how to use Apple Pay
Monzo
These systems could then be accessed by around 110 unauthorised engineers, although there is no indication any criminal activity may have taken place.
Monzo, which is valued at around £2bn, said that about one in five of its total 2.6 million UK customers had been affected, and that the incorrectly stored information had now been deleted. The company has also now released an upgrade to its Android and iOS app, and has told users to update immediately.
Although customer information was not leaked or breached to a wide audience, the incident is still somewhat embrasasing fo Monzo, and hopefully will act as a wake-up call for the company to up its security protection.
“We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud,” Monzo said in a blog entitled “We've fixed an issue that meant we weren’t storing some customers’ PINs correctly”
“Just in case, we’ve messaged everyone that’s been affected to let them know they should change their pin by going to a cash machine.”
Monzo recently soft launched in the US following a successful initial UK campaign, with users praising its ease of use and clear access to their spending records.
- The best free personal finance software 2019
No comments yet.