Data of 50,000 Customers Exposed in Banking App Hack
Sep 28, 2022
Revolut—a UK provider of banking and payment technology—has been hacked, exposing data from over 50,000 customers that leaves them at higher risk of identity theft and fraud.
Consumer advisory service Which? provided details of the data breach, which happened on Sunday 11 September. It was identified in the early hours of Monday 12 September, and affected less than one percent of all customers, however personal data—including contact details and account information—had already been compromised.
Although Revolut is a British company, it is licensed and regulated by the Bank of Lithuania, and details of the breach were made public last week by the State Data Protection Inspectorate, the Lithuanian authority that monitors compliance with data protection laws. It says the hack was achieved through ‘social engineering’. A typical example of this is an employee being tricked into revealing login details via a phishing scam, though the exact nature of this breach has not been shared.
The data exposed varied by customer, but includes contact details, partial debit card data (full card numbers remained masked), account data—such as past transactions—and details of their devices and last known IP address.
We take incidents such as these incredibly seriously, and we would like to sincerely apologise to any customers who have been affected by this incident as the safety of our customers and their data is our top priority at Revolut.
Revolut has contacted affected customers and is cooperating with the UK’s Information Commissioner’s Office alongside other regulators and authorities to progress their investigation. Which? recommends those whose data was exposed keep a close eye on bank and credit card statements, and be especially vigilant for suspicious activity on their accounts, or unusual emails, phone calls or text messages.