The company discovered the bug on Friday, August 2, 2019, and spent all weekend removing PIN numbers from its internal logs.
The issue occurred when Monzo customers used two specific features of their Monzo mobile apps, namely the feature that reminds users of their card number and the feature for cancelling standing orders. When Monzo customers used one of these two features, they would be asked to enter their account PIN, for authorisation purposes, but unknown to them, the PIN would also be logged inside Monzos internal logs.
Monzo said these logs were encrypted and that only a few employees had access to the data stored inside. The company said that all users should update their mobile apps. The company published an update for its mobile app on Saturday, August 3, 2019, so the apps will not send the account PIN code to Monzo servers anymore.
Users who had their PINs recorded in Monzos logs received email notifications. The number of affected users is around 480,000. Users who did not receive an email, were not impacted, the bank said.
Monzo launched in the UK in 2015 and it does not have any branches, as it operates solely via its mobile apps. In June 2019, the company announced plans to launch in the US.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.