Monzo, a UK-based digital, mobile-only bank, has asked nearly 480,000 users to change their PINs after disclosing that the PINs were stored improperly. Customers’ PINs are normally stored in a secure part of Monzo’s systems that is inaccessible without proper authorization. However, a security lapse was discovered: customers’ PINs were being stored in encrypted log files that Monzo engineers were able to access. Swift action was taken: the glitch was addressed, engineer access to the files was disabled, and all of the information that had been included was deleted. “By 5:25am on Saturday morning, we had released updates to the Monzo apps. Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning,” said Monzo.

Thankfully for Monzo’s customers, no information was exposed externally, and it was confirmed that none of the information was used for fraudulent activity. The company says that the issue affected less than a fifth of its customers and that the affected users were sent an email about it.