
Is Monzo Bank losing its shine after a series of data breaches?


Monzo was heaped with praise after the challenger bank warned Ticketmaster that customers might be at risk, long before the high-profile data breach was uncovered at the ticket sales company. Ticketmaster failed to take these warnings seriously, despite Monzo's caution that some customers were experiencing fraudulent transactions on their accounts after buying tickets from the online merchant. But the satisfaction of being the latest data security darling didn't last long, mainly because, shortly after Monzo called Ticketmaster out for its failures, the bank suffered a severe data breach of its own.

In this case, the personal details of 20,000 of its customers were lifted from a third-party survey. And, making matters worse for Monzo, earlier this month it was revealed that nearly half a million customers had to reset their PINs after information was left in an insecure file.

So, has the shine really gone from Monzo bank?

Data protection heavyweight and managing director at Hayes Connor Solicitors, Kingsley Hayes, certainly thinks so. Commenting on the ongoing Monzo saga, he said:

"All that glitters isn't gold, and this certainly seems to be the case with Monzo bank".

What happened in the Monzo data breaches?

Monzo data breach number one

In July 2018, Monzo reported that it had fallen victim to cyber crooks after attackers found a weakness in the security of Typeform, a third-party survey supplier. In total, around 20,000 customers had their email addresses stolen. A smaller number also had additional information, such as postcodes and names of previous banks, exposed.

Speaking about this case, Kingsley said:

"Despite the breach, Monzo escaped largely unscathed from reputational damage. Mainly because Monzo gave its customers as much information as possible as quickly as possible. This is vital when it comes to helping customers protect themselves from further damage following a privacy violation. However, as details about another breach now come to light, it's unlikely that customers will be as forgiving a second time around".

Monzo data breach number two

According to a new Monzo blog post, because of a failure in internal security processes, 480,000 customers' PINs were theoretically accessible to employees at Monzo for months. As a result, half a million customers have now been advised to change their PINs.

Also, while Monzo claims that the PINs were encrypted, when talking to Wired, cyber security Marios Kyriacou said: "At this point, we do not know what 'encrypted' means. Given that PINs are made up of four digits, it wouldn't be difficult to decrypt these and find out what the real PINs were."

Adding his expertise to this matter, Kingsley commented:

"As this is the second data breach experienced by the bank, victims of the privacy violation are now rightly angry. Keeping everyone informed is all well and good, but Monzo would do better if it didn't put its customers at risk of financial fraud, identity theft, and emotional distress in the first place.

"Also, unlike the previous cyber-attack, this failure is 100% down to Monzo. No cybercriminals or third parties were involved. So, customers are left wondering whether Monzo's internal security procedures are up to scratch. It certainly doesn't look like they are."

Holding Monzo to account

Kingsley added:

"Monzo has a duty to protect your personal information. Regardless of whether we are talking about a cyber-attack or a failure in security processes. So, if you have suffered damage or distress as a result of a Monzo data breach, you have a right to claim compensation.

"With data breaches on the rise, something has to be done to make big companies accountable for data losses. So, claiming compensation isn't just in your best interests; it could be the only way to ensure that businesses everywhere implement more secure processes.

"At Hayes Connor Solicitors, we are already holding Ticketmaster to account for its failings, and we are ready to do the same for Monzo. Our process is fully compliant with ICO guidance, and we never put your details at risk.

"What's more, as well as helping you to claim compensation, we also steer you through the aftermath of a data breach - minimising the impact on you as much as possible."

If you'd like to find out more, contact us today for advice and help.


