cyber Breach

Monzo Bank

May 11, 2023 1 min read
Monzo Bank

The digital bank Monzo has told 480,000 customers to change their PINs after it discovered an error that allowed unauthorized staff to view sensitive information.

Monzo said that it normally stored PINs in a “particularly secure” part of its systems that only select employees can access but it learned that it had been recording some people’s PINs in a different part of its system.

Although the information was in encrypted log files, more than 100 Monzo engineers could view the information.

The organization has since deleted the data that was incorrectly stored, and updated its apps to fix the issue.

Source: https://www.itgovernance.co.uk/blog/monzo-bank-tells-customers-to-change-their-pins-after-security

TPRM report: https://scoringcyber.rankiteo.com/company/monzo-bank

"id": "mon2810423",
"linkid": "monzo-bank",
"type": "Data Leak",
"date": "08/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '480,000',
                        'industry': 'Financial Services',
                        'name': 'Monzo',
                        'type': 'Digital Bank'}],
 'attack_vector': 'Internal Error',
 'customer_advisories': 'Customers were advised to change their PINs',
 'data_breach': {'data_encryption': 'Encrypted log files',
                 'number_of_records_exposed': '480,000',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'PINs'},
 'description': 'Monzo discovered an error that allowed unauthorized staff to '
                'view sensitive information, specifically PINs, which were '
                'incorrectly stored in a less secure part of its systems.',
 'impact': {'data_compromised': 'PINs'},
 'post_incident_analysis': {'corrective_actions': 'Deleted incorrectly stored '
                                                  'data, Updated apps to fix '
                                                  'the issue',
                            'root_causes': 'Improper storage of PINs in less '
                                           'secure part of the system'},
 'response': {'communication_strategy': ['Informed 480,000 customers to change '
                                         'their PINs'],
              'containment_measures': ['Deleted incorrectly stored data',
                                       'Updated apps to fix the issue']},
 'threat_actor': 'Internal (Unauthorized Staff)',
 'title': 'Monzo Security Incident: Unauthorized PIN Access',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Improper data storage practices'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.