Challenger bank Monzo has informed some customers it had been storing their PINs in an area of its internal systems that its engineers have access to.
The bank, which has rectified the mistake, said it typically “stores (PINs) in a particularly secure part of our systems, and tightly control who at Monzo can access them”.
However, Monzo said in a blog post, it “discovered that we’d also been recording some people’s PINs in a different part of our internal systems (in encrypted log files). Engineers at Monzo have access to these log files as part of their job”.
Monzo said the issue affected “less than a fifth” of UK Monzo customers, or around 480,000 people.
It added: “We’ve deleted the information that we stored in this way. As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo.
“No-one outside Monzo had access to these PINs. We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud.”
It added it issued an app update to help protect customers and emailed everyone affected.
“If we’ve contacted you to tell you that you’ve been affected, you should head to a cash machine to change your PIN to a new number as a precaution,” it said.
“If we haven’t emailed you, you haven’t been affected. But you should still update your app to the latest version.”