Revolut, a fintech company, has acknowledged that it was the subject of a highly targeted assault that gave hackers access to the private information of tens of thousands of clients.
An “unauthorized third party acquired access to the information of a small fraction (0.16%) of our clients
over a brief period of time,” Revolut spokesperson Michael Bodansky told TechCrunch.
Late on September 10 Revolut found the unauthorized access, and the next morning the incident had been contained.
To successfully reduce its effects, the assault was quickly discovered and isolated, and those customers who were impacted have been notified, according to Bodansky. Customers who didn’t get an email weren’t affected, either.
Revolut, which holds a banking license in Lithuania, declined to provide specific customer numbers. According to its website, the firm has over 20 million clients; 0.16% of 20 million would equal to 32,000 clients. Revolut claims that 50,150 users were affected by the breach, including 20,687 clients in the European Economic Area and 379 Lithuanian individuals, according to the company’s breach notice to the authorities in Lithuania, which was originally noted by Bleeping Computer.
Although Revolut assured TechCrunch that no money was accessed or taken in the incident, it also failed to specify what kinds of data were accessed. No card data, PINs, or passwords were obtained, the business claimed in a statement to impacted consumers that was posted to Reddit.
However, the breach revelation claims that partial card payment data, along with customer names, addresses, email addresses, and phone numbers, were probably acquired by hackers.
According to the revelation, the threat actor employed social engineering techniques to access the Revolut database, which generally entails convincing a worker to divulge private information like their password. Recent assaults on a number of well-known firms, such as Twilio, Mailchimp, and Okta, have increasingly used this strategy.
Revolut recommended users to be cautious when receiving any message addressing the breach since it appears to have started a phishing effort as a result of the breach. The business warned clients that it wouldn’t phone or SMS them to ask for login information or access codes.
As a precaution, Revolut has also assembled a specialized staff charged with keeping an eye on client accounts and ensuring the security of both money and data.
The protection of our clients and their data is our first concern at Revolut, according to Bodansky. “We take situations like this tremendously seriously, and we would like to sincerely apologize to any consumers who have been harmed by this occurrence,” he said.