Digital bank Monzo has apologised after almost half a million customers’ information was exposed to unauthorised staff.
Those affected have been advised to change their pin.
In a statement, the company said: “We’ve fixed an issue that meant we weren’t storing some customers’ pins correctly.”
It added: “On Friday August 2, we discovered that we’d also been recording some people’s pins in a different part of our internal systems (in encrypted log files).
“Engineers at Monzo have access to these log files as part of their job.”
The company said it deleted the information stored in this way.
“As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo.
“By 5:25am on Saturday morning, we had released updates to the Monzo apps.
“Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning,” it said.
About one in five of the bank’s 2.6 million customers, or around 480,000 UK accounts, have been affected.
“We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud”, the bank added.
The company contacted customers to let them know they should change their pin.
“If we’ve contacted you to tell you that you’ve been affected, you should head to a cash machine to change your pin to a new number as a precaution,” the statement said.
Customers affected have also been advised to update their Monzo apps.
People who have noticed unusual activity on their Monzo account are advised to contact the company.
“If we haven’t emailed you, you haven’t been affected,” the company said.
“But you should still update your app to the latest version.”
Monzo’s statement added that it was “really sorry about this”.
The bank, which is popular with millenials and known for its coral pink cards, is valued at £2 billion.