UK Challenger bank Monzo is advising its users to change their PIN at an ATM as an internal “bug” resulted in customer’s security codes being stored in the wrong part of the cloud-based bank’s infrastructure.
The bank says that they discovered a bug on Friday August 2 that was erroneously storing customer’s PIN codes in an encrypted log file that engineers at the bank had full access privileges to.
Monzo said the incident affects circa 500,000 of its 2.5 million customers.
It is informing customers that it has deleted files and resolved the bug. Responding to customers on its site Monzo employee Beatrice Borbon stated “No information has been exposed outside Monzo, and there’s no evidence that this data has been used for fraud. We’ve updated the app, and we’re about to contact some of you to let you know you should change your PIN as a precaution.”
The bank is advising customers to change their PIN at a cash machine as a precaution.
Monzo Change Pin Warning
The challenger bank has ruled out fraud at this stage noting that they have checked all accounts that are affected by this bug “thoroughly.”
They’re advising customer that even if they don’t contact them to advise they change their PIN, users of the banking application should still update it to the current version in the Google Play or Apple store.
Monzo have informed the Information Commissioner’s Office, but purely as a precaution as the company views this as an internal error and not a data breach.