Not impressed with customers service and standard of care

I am not impressed with the customer care of the processes for dealing with GDPR request, in fact it’s appalling, the business inability to understand the time frames required by law, or the right procedure.

I request data from monzo which the initially where going to provide try and provide out of the time, they had to be prompted into doing so

The compliance of which result in someone form customer care providing a link to an encrypted zip file

Which would be fine in most case in the file has been removed after say 24 hours or after confirming the data had been received or if the password wasn’t to unbelievably crackable that it probably wouldn’t even take you 5 second if you where familiar with password generator.

What’s more right now is it’s been over 6 months and the link is still up. Even though I have asked them to take it down.

They’re not even trying mitigate basic security issues, the old guard may be slow and unwielding frustrating.

But at least even they have the common sense when it comes to account security, monzo you really need to sort this stuff out.

It’s basic stuff , your guy shouldn’t of produced a link to the data this stuff should not be open to the public it’s unsafe and just bad practice.

P.s please take now the bloody link it shouldn’t still be up ! It’s a basic request

I think I just about follow what you’re trying to say.

They gave you the data you requested in a password protected folder and now you want them to delete it?

If so, nobody on here will be able to help with this, you’re best contacting them in app :slight_smile:

How can you crack a password with a password generator?

I think they mean brute forcing - which is using software to guess common / weak passwords.

They’ve not explained where the file is hosted though and how / who is able to access it. Maybe it’s restricted to their account :man_shrugging:

I’m also not sure how someone would be able to find said file because presumably it was given in app chat which is also private :man_shrugging:

1 Like

Just raise a complaint if you’re concerned about the privacy of your data, assuming the link is so basic that any member of the Joe Public would find easily?

And also crack the easy password.

Both, IMO, very unlikely situations otherwise Monzo wouldn’t use such platforms.

I always say to anybody dissatisfied whether justified or not, just complain.

If you’re not happy with their final response, go to the ombudsman.

It’s a simple process :slight_smile:


I don’t know what I’m voting on but I like to support a good rant


Look at the OPs previous posts. There’s a sort of pattern here.


It’s hosted though the chat / customer support system they file should of never been placed on such a system as is has not been designed to protect sensitive data, the link is obstificated but still public facing so anyone could could across it.

It should never it been placed on the chat system let alone send out as a link in an email rather than an attachment.

I’d like to think as a banking platform their live chat system is more protected than your email account, as is managed through the secure banking app.

I’d just complain if you’re dissatisfied with their process.

Go complain to someone who can do something about it then, I mean we’re all just customers, so telling us doesn’t make the slightest bit of difference.

1 Like

Can you elaborate please?

The last I heard was that they built their own chat system so no third party is involved. Your chats in app are not public either, so only someone who logs into your app can see it.


Short of compromising your account to discover the link, how can they do this?

That aside, I agree with the other respondents who say your best route at this point is to submit a formal conplaint, and then take it to the ombudsman if you’re still unhappy.

1 Like

I must admit I often type random things after the Monzo domain to hopefully find password protected GDPR files and then crack them, just so I can find out someone’s middle name.


You too? Me too!

No? No.

But does feel like OP thinks he knows better about security/privacy and payments than the dedicated teams at Monzo (plus the regulators they have to satisfy)


There was a big old thread about this a couple of years ago. Someone went mad at Starling for doing the same thing and it was discussed muchly

1 Like

Not sure what the complaint is? But today I’ve learnt a new word “obstificated”


Obfuscated, surely?


Obstificate is obfuscate obfuscated.


Raise a complaint, complaints to banks have to be logged and the regulator sees the logs. Also complain to the Information Commissioner.

Wouldn’t it make more sense to have feedback and ideas each in their own thread?
I suppose I should post that in feedback and ideas…but I’m here now…
now posted as an idea…(and prompted by the contents of this thread)