The U.K.-based digital bank Monzo Sunday disclosed that it has fixed an error that caused certain customers’ PIN codes to be stored in a less secure area of its internal systems.
In an Aug. 4 company blog post, the mobile-only banking services provider acknowledged that it mistakenly had recorded some customers’ PINs in encrypted log files that Monzo engineers are able to access. The company did not reveal the exact number of affected customers, but said it was fewer than a fifth of the entire U.K. Monzo customer base.
After making the discovery on Aug. 2, Monzo released updates to its apps, deleted the exposed information, and notified impacted customers via email. All Monzo app users are advised to download iOS version 2.59.0 and Android 2.59.1, and affected customers should change their PIN.
“We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud,” according to the company blog post.