London-based fintech unicorn Revolut announced on Tuesday, September 20, that it has suffered a highly-targeted cyberattack that gave unauthorised third-party access to the personal information of thousands of clients.
According to a report, hackers obtained access to the Revolut database through social engineering methods. However, Revolut’s security team took prompt action to eliminate the attacker’s access to the company’s database and stop the incident.
In a statement to TechCrunch, Revolut spokesperson Michael Bodansky says, “Unauthorised third parties obtained access to the details of a small per cent (0.16%) of our customers for a short period.”
“We immediately identified and isolated the attack to limit its impact effectively and contacted those affected customers,” Bodansky says. “Customers who have not received an email have not been impacted.”
According to Lithuanian State Data Protection Inspectorate, the data of 50,150 customers worldwide, including 20,687 in the European Economic Area and 379 Lithuanian citizens, may have been compromised.
The fintech firm said that no funds, card details, PINs, or passwords were accessed or stolen in the incident. However, Lithuanian authorities have issued a report saying that hackers probably accessed partial card payment data and customers’ names, addresses, email addresses, and phone numbers.
The company has formed a dedicated team to monitor the account and keep both money and account safe.
One of Revolut’s affected customers posted on Reddit after receiving a mail notification about the data breach.
The mail says, “We emphasise that no access was made to the theft of funds. Your money is safe, as always. You can use your card and account normally. As a precaution, we have created a dedicated team to monitor your account and keep your money and account safe. Although your money is safe, you may be at increased risk of fraud. We recommend you be especially vigilant for any suspicious activity, including emails, phone calls, or messages.”
The UK digital bank communicated with customers whose personal data was violated.
“We take these incidents very seriously, and while you don’t need to take any action, we’ve advised affected customers to be extra cautious as there may be an increased risk of impersonation or fraud,” reads the mail.
The data breach comes a few days after Revolut launched Revolut Pay. This new secure online checkout feature allows UK and EEA merchants to present ‘Revolut Pay’ as a payment method across product, cart, and checkout pages.
Consumers can pay with just one click and earn cashback on purchases as they spend. Existing Revolut users can use Revolut Pay and pay via saved cards or their Revolut account balance.
Revolut: What you need to know
Established in 2015 by Nikolay Storonsky and Vlad Yatsenko, Revolut is a financial services company specialising in mobile banking, card payments, money remittance, and foreign exchange. In addition, it includes a prepaid debit card, currency exchange, and peer-to-peer payments.
In July, the company surpassed 20M retail customers worldwide and is now processing over 250 million monthly transactions. Over the past year, it has opened several offices in New York, Tokyo, Madrid, Barcelona, Paris, Mexico City, Berlin, Budapest, and Bucharest. Additionally, new offices in Mumbai and Bangalore are set to open later this year.
