Revolut has experienced a major data breach that has reportedly exposed the sensitive personal details of around 50,000 clients globally.
Revolut‘s management has now informed Lithuania’s State Data Protection Inspectorate about the security breach, noting that access to its database had been obtained via advanced social engineering techniques.
The bad actors who had infiltrated the Fintech company’s systems this past Sunday were reportedly identified and then locked out by Monday 2 am, significantly limiting the overall impact of the data breach.
As noted in the update, the data of around 50,150 clients worldwide (20,687 of them in the European Economic Area), including customer names, their addresses, e-mails, telephone numbers, part of the payment card data, and account details had been obtained from the firm’s servers.
In a letter to clients impacted by the damaging hack that has been posted on Reddit, Revolut’s management stated:
“We recently received a highly targeted cyber attack from an unauthorised third party that may have gained access to some of your information for a short period of time. You do not need to take any action, however we wanted to let you know, and sincerely apologise for this incident.”
Revolut added that all card data had been hashed and that no PINs/passwords had been accessed.
The firm added:
“Although your money is safe, you may be at increased risk of fraud. We recommend that you be especially vigilant for any suspicious activity, including suspicious emails, phone calls or messages.”
One of the affected clients said they were not too impressed by the firm’s response to the incident, adding:
“I contacted support and asked the which EXACT information of mine was stolen but they couldn’t answer, all they did was giving me the same message of the email.”
Revolut pointed out that the recent incident may have impacted only around 0.16% of its 20 million users globally.