Network Security, Vulnerability Management

Monzo updates apps after incorrectly storing banking customer PINs

The U.K.-based digital bank Monzo Sunday disclosed that it has fixed an error that caused certain customers' PIN codes to be stored in a less secure area of its internal systems.

In an Aug. 4 company blog post, the mobile-only banking services provider acknowledged that it mistakenly had recorded some customers' PINs in encrypted log files that Monzo engineers are able to access. The company did not reveal the exact number of affected customers, but said it was fewer than a fifth of the entire U.K. Monzo customer base.

After making the discovery on Aug. 2, Monzo released updates to its apps, deleted the exposed information, and notified impacted customers via email. All Monzo app users are advised to download iOS version 2.59.0 and Android 2.59.1, and affected customers should change their PIN.

"We've checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud," according to the company blog post.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.