
Monzo security breach: digital bank is asking some customers to change their PIN

British banking start-up Monzo has reached out to around half a million customers after a glitch revealed plain text PIN details to engineers. 

Those contacted have been asked to change their card PIN after the security hiccup, but it’s a substantial breach of security and bad news for the digital bank, which has some 2.5m customers and has just launched in the United States. 

The flaw meant that the PINs of some customers were recorded in encrypted log files. Because engineers are given access to these files to do their job, the numbers were visible to them.

In a mea culpa blog post, Monzo says that it spotted the issue on Friday and that it was fixed in the early hours of Saturday, while the sensitive information was wiped by Monday morning. Monzo also said it has contacted everyone affected, so if you haven't received an email from the bank by now asking you to change your PIN, you aren't affected. Congratulations.


Only two features put users at risk, according to the comments below the blog post: “Getting a reminder of your card number” and “Cancelling a standing order.”

However, if you were affected by the breach, it appears changing your PIN at a cash machine should be absolutely fine. In addition, the bank says that it has checked all the affected accounts and believes at this time that the information has not been used for any fraudulent activities.

“If you think you see anything unusual on your account, please get in touch with us straight away through in-app chat or by ringing the phone number on your debit card,” say Monzo in their blog. “If we haven’t emailed you, you haven’t been affected. But you should still update your app to the latest version.”

Crucially, several people who have received the email did not get an app notification, so check your email’s spam folder and your non-priority inboxes.
