London-based fintech unicorn Revolut announced on Tuesday, September 20 that it has been the victim of a highly targeted cyber attack that gave unauthorized third parties access to the personal data of thousands of clients.
According to a report, hackers gained access to the Revolut database through social engineering methods. However, Revolut’s security team took immediate measures to eliminate the attacker’s access to the company’s database and stop the incident.
How to improve open source security?
Follow these three steps and get on the road to stronger security practices. view more
Follow these three steps and get on the road to stronger security practices. Show less
In a statement to TechCrunch, Revolut spokesperson Michael Bodansky said: “Unauthorized third parties accessed the details of a small percentage (0.16%) of our customers for a short period of time.”
“We immediately identified and isolated the attack to effectively contain the impact and contacted the affected customers,” says Bodansky. “Customers who have not received an email have not been affected.”
According to the Lithuanian State Data Protection Inspectorate, the data of 50,150 customers worldwide, including 20,687 in the European Economic Area and 379 Lithuanian citizens, may have been compromised.
The fintech firm said no funds, card details, PINs or passwords were accessed or stolen in the incident. However, Lithuanian authorities have issued a report saying hackers likely have access to parts of card payment data and customers’ names, addresses, email addresses and phone numbers.
The company has formed a dedicated team to monitor the account and keep both money and account safe.
One of Revolut’s affected customers posted on Reddit after receiving an email about the data breach.
The email says: “We emphasize that no theft of funds was allowed. Your money is safe, as always. You can use your card and account as usual. As a precaution, we have created a dedicated team to monitor your account and keep your money and your account safe. Even if your money is safe, you may be at increased risk of fraud. We recommend that you be especially vigilant for any suspicious activity, including emails, phone calls or messages.”
The British digital bank communicated with customers whose personal data was breached.
“We take these incidents very seriously, and while there is no need to take any action, we have advised affected customers to take extra care as there may be an increased risk of impersonation or fraud,” the email said.
The data breach comes a few days after Revolut launched Revolut Pay. This new secure online payment feature allows merchants in the UK and EEA to present ‘Revolut Pay’ as a payment method across product, basket and checkout pages.
Consumers can pay with just one click and earn cashback on purchases as they spend. Existing Revolut users can use Revolut Pay and pay via stored cards or their Revolut account balance.
Revolut: What you need to know
Founded in 2015 by Nikolay Storonsky and Vlad Yatsenko, Revolut is a financial company specializing in mobile banking, card payments, money transfers and currency. In addition, it includes a prepaid debit card, currency exchange and peer-to-peer payments.
In July, the company passed 20 million retail customers worldwide and now processes over 250 million monthly transactions. Over the past year, it has opened several offices in New York, Tokyo, Madrid, Barcelona, Paris, Mexico City, Berlin, Budapest and Bucharest. In addition, new offices in Mumbai and Bangalore will open later this year.
How cybersecurity scaleup Intigriti conquered the world?
Watch our interview with Paul Down, Sales Manager at Intigriti.
Watch our interview with Paul Down, Sales Manager at Intigriti. Show less
