Monzo says it wasn’t storing ‘some’ customer PINs correctly, but has now fixed the bug
Monzo, the fast-growing U.K. challenger bank that recently soft-launched in the U.S., is disclosing a potential, albeit relatively limited, security oversight that saw customer PINs stored incorrectly within the company’s internal systems.
Discovered on Friday, the “bug” has now been squashed after being spotted by one of Monzo’s security engineers, co-founder and CEO Tom Blomfield told me on a call just a few moments ago. He said that even though an audit hasn’t surfaced any fraud as a result, the upstart bank was emailing affected customers to inform them what had happened and to advise that they change their PIN, because being totally transparent “is the right thing to do”.
In a blog post just published, Monzo provides the following context for the bug, including who could access customer app PINs as a result:
We ask for your PIN whenever you want to make a payment, or do anything else that’s sensitive on your Monzo account.
And as your bank, we keep a record of your PIN so we can check you’ve entered it correctly. We store them in a particularly secure part of our systems, and tightly control who at Monzo can access them.
On Friday 2nd