Monzo, one of the world’s largest digital banks, discovered a security flaw and is now asking half-million of its customers to change their personal identification numbers (PINs), TechCrunch reported on Monday (Aug. 5).
The bug has been fixed, but as a precaution, customers are being urged to change their PINs.
According to Monzo’s blog, the bank noticed on Friday, Aug. 2 that some people’s PINs were being stored on logs that engineers at Monzo had access to. PINs are typically stored in a “particularly secure part of our systems.”
“No one outside Monzo had access to these PINs. We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud,” Monzo said on its blog.
The company said the flaw was fixed by 5:25 a.m. on Saturday morning, and updates released to the Monzo apps. The company then deleted the information that was stored incorrectly and is emailing all of its customers.
“If we’ve contacted you to tell you that you’ve been affected, you should head to a cash machine to change your PIN to a new number as a precaution,” Monzo said. “You can do this by putting your Monzo card into the cash machine, entering your old PIN and choosing ‘PIN services.’ Then choose ‘Select a new PIN’ and change it to a new number.”
According to the company's blog, “The issue affected less than a fifth of U.K. Monzo customers.” Monzo reportedly has more than 2 million users.
The company recently rolled out in the U.S., signing up consumers at events in Los Angeles, New York and San Francisco. That rollout was said to be reminiscent of the word of mouth that had been a springboard to the firm’s gaining traction in the United Kingdom. In the U.S. there will be no minimum balance requirements and no monthly fees — but the company will not pay interest on deposits.