Revolut has communicated that it has been the subject of a cyber attack that has allowed third parties to access the personal information of tens of thousands of customers. The incident, which occurred last week, was described as a specifically targeted attack on society. Revolut is a fintech company founded in 2015 with the aim of offering banking, money management and investment services around the world.
The company informed the State Data Protection Inspectorate in Lithuania, the country where Revolut obtained its banking license, that 50.150 customers were affected by the attack. Of these, 20,687 are located in the European economic area.
The company said an unauthorized third party could have access “for a limited time” to the details of 0.16% of customers. “We immediately identified and isolated the attack to effectively limit its impact and contacted affected customers. Customers who did not receive an email were not affected,” the company said. It is not known how the attacker obtained access to the database, but from the little information available it seems to have been an operation heavily based on social engineering techniques.
Among the data that have been stolen are email addresses, full names, residential addresses, telephone numbers, account data and some payment card data. However, the company states that the type of data compromised varies from case to case, and reassures that it was not possible to access the users’ card PINs, passwords and funds. The company has set up a team dedicated to monitoring customer accounts in order to identify any suspicious transactions.
The advice, for all Revolut users and not just those already contacted by the company, is to pay maximum attention: the attack may have allowed the attacker to have sufficient data and information to orchestrate phishing campaigns aimed at deceiving users. to reveal their sensitive data, such as PIN and password.
This the Revolut’s official statement:
“Revolut recently suffered a targeted cyber attack, which resulted in an unauthorized third party gaining access to the details of a small percentage (0.16%) of our customers for a short period of time. We immediately identified and isolated the attack to effectively limit its impact and we contacted the affected customers. Customers who did not receive an email are not affected by the incident. For clarity: Customer funds were not accessed or stolen . Our customers’ money is safe, as always. All customers can continue to use their cards and accounts as normal. We take incidents like this extremely seriously and would like to sincerely apologize to all customers involved for their safety and security. of their data is our top priority.