The bank that is valued at £2bn reported that company policy is to store pin information in a “particularly secure” area of its internal system where it could be closely monitored and control with selected staff members able to access them.
Despite this Monzo discovered that pins were also duplicated onto log files and despite them being encrypted, they could be reached by roughly 110 unauthorised persons. The recent revelation revealed that the pins have been miss stored for six months with the issue now reported to the Information Commissioner’s Office as a precaution.
Monzo has later confirmed that this issue affects one in five of the banks 2.6 million customers. Despite this, the company has continued with an app upgrade and worked increased hours to delete information stored incorrectly.
The bank states that no one outside of the business has access and that there is no evidence of misuse of the data.
We’ve checked all the accounts that have been affected by this bug thoroughly and confirmed the information hasn’t been used to commit fraud,
Monzo said in a blog post. They also added, “Just in case, we’ve messaged everyone that’s been affected to let them know they should change their pin by going to a cash machine.”
Monzo has also taken the precaution to email potentially affected customers along with an apology.
Image Source by Financial Times