Monzo have not, at any point, said that it was a breach. That is an allegation. There is, as you quoted above, a definition set our for what a breach is, as it carries penalties. Monzo reported themselves to the ICO in the interests of transparency (and because it was the right thing to do and I hope that most organisations would do the same in the same circumstances). The act of reporting does not mean they consider there to have been a breach.
I just want to make it clear that I acknowledge this, the only thing I take issue with is the suggestion that it is a breach (a claim made in the advert in the original post and repeated by you above).
@bea - in the original community thread - made the following statement (which I quoted above).
I feel this is the right time for me to bow out of this thread – “breach” has a specific definition as quoted above, I have yet to see anything that indicates that this incident meets the definition of a breach, Simon VC’s tweet above suggests that Monzo don’t believe it meets the definition either. As Monzo have voluntarily referred themselves to the ICO, they can make the final determination.