UK challenger bank Monzo has said it is sorry for storing PIN codes in log files that engineers had accesses to.
The FinTech unicorn issued the apology in a statement on its website where it also announced what had actually gone wrong. The statement explained that Monzo stores all customers’ PIN codes in secure area of the bank’s systems and has strict rules in place for who can access these files.
However, on Friday August 2, the challenger bank discovered a bug that also recorded some people’s PIN codes in encrypted log files. Contrary to the more secure files, engineers could get access to these log files. The files were deleted after they were discovered. Monzo updated its app over the weekend and had finished the processes of deleting the log files by Monday morning.
As far as the bank is aware, no one outside of the company has been able to access the files. In the end, this bug affected less than a fifth of Monzo’s clients. The venture has reached out to everyone affected and asked them to update to the latest version of the app and to change their PIN code.
This is the second bug the neobank has had to deal with within one week. On Monday July 29, many customers were unable to access their money or to see up-to-date transaction histories. The issue was resolved within a few hours.
Copyright © 2019 FinTech Global
