We ask for your PIN whenever you want to make a payment, or do anything else that's sensitive on your Monzo account.
And as your bank, we keep a record of your PIN so we can check you’ve entered it correctly. We store them in a particularly secure part of our systems, and tightly control who at Monzo can access them.
On Friday 2nd August, we discovered that we’d also been recording some people’s PINs in a different part of our internal systems (in encrypted log files). Engineers at Monzo have access to these log files as part of their job.
We’ve deleted the information that we stored in this way. As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo.
By 5:25am on Saturday morning, we had released updates to the Monzo apps. Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning.
No one outside Monzo had access to these PINs. We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud.
Just in case, we’ve messaged everyone that’s been affected to let them know they should change their PIN by going to a cash machine.
The issue affected less than a fifth of UK Monzo customers. If we’ve contacted you to tell you that you’ve been affected, you should head to a cash machine to change your PIN to a new number as a precaution.
You can do this by putting your Monzo card into the cash machine, entering your old PIN and choosing ‘PIN services’. Then choose ‘Select a new PIN’ and change it to a new number.
If you think you see anything unusual on your account, please get in touch with us straight away through in-app chat or by ringing the phone number on your debit card.
If we haven’t emailed you, you haven’t been affected. But you should still update your app to the latest version.
We’re really sorry about this. Please get in touch with us if you have any questions or concerns.