Hayes Connor Instagram Advert about Monzo

Just to help me understand, if someone at a company, who was authorised to do so for a specific reason, printed off a load of personal data concerning its customers, and then left the file on the train, but no one on the train looked at the file, would that be a breach?

Yes - because that would meet the ICO’s definition that danmullen quoted above - that would be a “loss” of data as there is no longer any level of control over the data by the data owner.

The data here was stored in encrypted log files on Monzo’s own systems that were discovered by a security engineer.

Ultimately given that Monzo have referred themselves to the ICO (as well as the FCA and PRA), they will be able to determine whether they feel that any redress is necessary.

2 Likes

That was me, and I still haven’t had a definitive answer, having been told several times I would not be liable and once that I would be. I’m busy this weekend but will be chasing again with them on Monday.

3 Likes

No I’m not, what allegations have I made? Monzo have alerted customers and self-reported due to this breach. They themselves think it was a serious enough incident to warrant that.

As I said earlier, they’ve handled it well since becoming aware and I hope the ICO doesn’t impose any sort of fine. I doubt they will. The risk to the rights and freedoms of the data subjects is minimal.

Thanks, I couldn’t remember who it was that posted about this! Monzo should make an official statement on it. I suspect the person that told you you would be liable gave out wrong information.

1 Like

Monzo have not, at any point, said that it was a breach. That is an allegation. There is, as you quoted above, a definition set out for what a breach is, as it carries penalties. Monzo reported themselves to the ICO in the interests of transparency (and because it was the right thing to do and I hope that most organisations would do the same in the same circumstances). The act of reporting does not mean they consider there to have been a breach.

I just want to make it clear that I acknowledge this, the only thing I take issue with is the suggestion that it is a breach (a claim made in the advert in the original post and repeated by you above).

@bea - in the original community thread - made the following statement (which I quoted above).

I feel this is the right time for me to bow out of this thread – “breach” has a specific definition as quoted above, I have yet to see anything that indicates that this incident meets the definition of a breach, Simon VC’s tweet above suggests that Monzo don’t believe it meets the definition either. As Monzo have voluntarily referred themselves to the ICO, they can make the final determination.

4 Likes

I haven’t actually read definitively that no unauthorised people have accessed the log files. I’ve read that no-one outside the bank has accessed the information, which is different.

Along with this comment from Monzo…

“Engineers at Monzo have access to these log files as part of their job.”

…it certainly sounds like they have been accessed. I’d be delighted for Monzo to come out and categorically state that the files were not accessed during the six month period in question.

1 Like

So Simon VC saying they weren’t viewed or used isn’t definitive enough?

Did you change your PIN?

3 Likes

Just because someone has the ability to do something, doesn’t mean they have done it. The sentence you’ve quoted just explains the PIN issue, it definitely doesn’t say that someone accessed and copied or used the PINs.

Have a look at this:

https://twitter.com/simonvc/status/1159928736143347717?s=20

1 Like

I mentioned this in a post on the other main thread. The lack of definitive definitions and oversight on the PR etc of the incident is leading to stuff like Hayes Connor.

Given that we are signing up more users than ever before, our NPS remains incredibly high, and anyone who spends any time at all working on our social media can see the huge amount of delighted customer comments we continue to receive on a daily basis, I think it’s fairly obvious that the answer to this question is no.

But of course, we all knew that, and we also all know that using our company name in any way, shape, or form is a guaranteed way to get a bit of attention these days. A certain bus advert about “moving over” springs to mind.

One could probably make a fairly decent living as a freelance business consultant these days by going around the country, meeting with businesses and saying “Find some way to reference Monzo in an advert or blog post”.

It really is at the point now where people want to find an angle for anything we do. The irony is that it probably does more for us than it does for them by reinforcing us as something worth talking about.

14 Likes

Completely agree Simon.

It’s funny how journalists etc all want to find a story that scares the general public.

The recent outage drew a flurry of articles (click bait?) which largely repeated the information Monzo yourselves had transparently made available and used it to paint a negative picture of Monzo and the small percentage of disgruntled customers.

However, no media, so far, has reacted at all to the latest Monzo blog post with its incredibly detailed account of what happened, what Monzo has learned from it and the actions you’ll take to minimise the likelihood of it happening again.

We should all take what the press (and others trying to cash in on Monzo’s success) say with a large pinch of salt.

3 Likes

As someone who has used Hayes Connor as a customer, in my opinion they’re not the best; they regularly ignore messages & emails. The best part is they missed the obvious (yup, there’s an NDA with the third party here). They (HC) dropped my case citing lack of evidence without costing me a penny, and the third party contacted me to say we screwed up, we broke GDPR, we admitted it to your solicitor (Hayes Connor) but they missed it. The third party wrote me a cheque and we both laughed about their (HC’s) lack of common sense.

3 Likes

I don’t see the PIN as data; it’s just a security code.
