
6 Aug 2019

Nearly half a million Monzo Pin numbers exposed to staff: what do I need to do?

Find out how to change your Pin and protect your account

Monzo has urged 480,000 customers to change their secure Pins, after this information was made available to more than one hundred staff members.

Up to one in five of the digital bank's 2.6 million customers were affected. While no fraud was detected as a result of the glitch, customers should take precautions to protect their accounts.

Find out how Pins were left exposed and what you need to do if you bank with Monzo.

How were Monzo Pins exposed?

Monzo generally stores Pins in a secure part of its internal system, with 'tight controls' over which staff members can access the information.

Last week, however, Monzo discovered that hundreds of thousands of Pins were also being recorded in a separate section of the internal system, as part of the log files. These 'log files' record events on the company's operating system.

While this data was protected by encryption, up to 110 Monzo engineers had access to it, despite not being authorised to view it. These files have now been deleted.

With most banks, Pins are used primarily to authorise transactions on your debit card. At Monzo, however, you use the same Pin to authorise transactions via the app. Monzo has confirmed it will continue using the same Pin for the app and cards.

Monzo confirmed that all accounts have been checked for fraud, and that none was found as a result of the glitch.

Monzo chief executive Tom Blomfield said: 'We've deleted the data and done a full review of our systems and are confident this information hasn't been accessed or used in a fraudulent way.'

How to change your Monzo Pin

Monzo has contacted any customers who were affected via email, urging them to change their Pin 'as a precaution'.

To do this, you'll need to take your card to a cash machine and enter your old Pin. You should then select the option 'Pin services', and 'select a new Pin', to enter a new number.

Customers who are abroad, or can't easily access an ATM, should get in touch with Monzo through in-app chat.

Monzo also asked customers to update their app by downloading the latest versions from the App Store or Play Store.

If your contact details aren't up-to-date with Monzo, or you have other concerns, you should contact the bank through the in-app chat or the phone number on the back of your debit card.

Am I at risk of fraud?

No customers have suffered fraud as a result of what happened, Monzo has confirmed. Indeed, in order to make a transaction on your account, Monzo staff would also have required access to your card, unlocked mobile phone or email account.

Nonetheless, if you're worried, it's worth monitoring your transactions over the coming months for any suspicious activity.

If you notice an unauthorised transaction, you should report it to Monzo as soon as possible.

Like other banks, Monzo will refund unauthorised transactions on your card, provided you haven't been careless. While it hasn't yet signed up to the new code on bank transfer fraud, it has committed to upholding its principles.

Is Monzo safe to use?

Monzo is one of the fastest-growing banks in the UK, with around 2.6 million customers.

The bank's main draw is its instantaneous updates. As soon as a transaction is made, you'll get a notification, making it much easier to spot fraud the moment it happens.

If your card goes missing, you can freeze it via the app. Or, if you lose your phone, you can log in via the Monzo website and freeze your account.

iPhone users can also turn on a location-based security feature to block potentially fraudulent transactions, for example if your phone is at your home in London but the payment is being made from abroad.

In our most recent banking survey, Monzo Bank was named a Which? Recommended Provider, topping our table with an 86% customer score.

How secure is my Pin?

Any time you set a Pin, you should make sure it's not easy to guess - avoid, for example, using your birthday or 1234.

While your bank should offer refunds for unauthorised card transactions, you may not be protected if you carelessly shared your Pin with the fraudster.

For this reason, you should never use your Pin for any other type of secure code, like a gym locker or bike lock, where someone could easily watch you. Cover your hand when entering your Pin at a till or ATM, and be wary if anyone is standing close behind you. And, of course, don't leave your Pin written down anywhere, even as a reminder.