The digital bank Monzo has told 480,000 customers to change their PINs after it discovered an error that allowed unauthorized staff to view sensitive information.
Monzo said that it normally stored PINs in a “particularly secure” part of its systems that only select employees can access but it learned that it had been recording some people’s PINs in a different part of its system.
Although the information was in encrypted log files, more than 100 Monzo engineers could view the information.
The organization has since deleted the data that was incorrectly stored, and updated its apps to fix the issue.
Source: https://www.itgovernance.co.uk/blog/monzo-bank-tells-customers-to-change-their-pins-after-security
"id": "MON2810423",
"linkid": "monzo-bank",
"type": "Data Leak",
"date": "08/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"