The financial technology company Revolut has been exposed to a cyber attack where sensitive client information was accessed by threat actors.
The company has confirmed the “highly targeted” attack, where hackers gained access to internal systems through phishing rather than malware (opens in new tab) or viruses. The access lasted “for a short period of time”, during which the information of 0.16% of Revolut’s customers was allegedly accessed.
“We immediately identified and isolated the attack to effectively limit its impact and have contacted the affected customers. Customers who did not receive an email have not been affected,” the company said in a statement.
Money is safe
Revolut has a banking license in Lithuania and this is where they had to disclose the breach. In the papers filed with the country’s state data protection watchdog, 50,150 customers were affected, including 20,687 in the European Economic Area and 379 in Lithuania itself.
While Revolut says email addresses, full names, postal addresses, phone numbers, some payment data as well as account data were stolen (opens in new tab), the details vary from customer to customer. Card details, PINs or passwords are secure, the company confirmed.
“Our customers’ money is safe – as it always has been. All customers can continue to use their cards and accounts as normal,” says the company’s spokesperson.
The attack already triggered a second wave of phishing campaigns, it was confirmed, with Revolut urging customers to be cautious when receiving communications regarding the breach.
It stressed that it will not call its customers about the incident and will never ask for sensitive information.
When the incident was reported, some Revolut customers began receiving text messages claiming their existing cards had been frozen to prevent fraud. They would then be redirected to a phishing site where they would give away more sensitive information, including full payment details.
Via: Bleeping Computer (opens in new tab)