Mobile Bank Monzo Stored Card PINs in Internal Logs

Mobile-only bank Monzo logged PINs inside encrypted internal logs under certain conditions, an issue the company is calling a bug.


The issue occurred when Monzo customers used two specific app features:

  1. A feature that reminds users of their card number
  2. A feature to cancel standing orders

Customers would be asked to authenticate using their account PIN. However, the PINs were logged inside the company’s internal logs. Though the logs were encrypted, a “few employees” did have access to the data stored within. Monzo discovered the bug on August 2, removed all PINs from its logs over the weekend, and published a statement today.

Monzo routinely stores user PINs so it can check whether a customer has entered the PIN correctly, but they weren’t supposed to be stored within log files. The company says customers should update the app as soon as possible. Affected customers will be emailed.
