Yes - because that would meet the ICO’s definition that danmullen quoted above - that would be a “loss” of data as there is no longer any level of control over the data by the data owner.
The data here was stored in encrypted log files on Monzo’s own systems that were discovered by a security engineer.
Ultimately given that Monzo have referred themselves to the ICO (as well as the FCA and PRA), they will be able to determine whether they feel that any redress is necessary.