The British fintech company, Revolut, got struck by a highly-targeted cyberattack, allowing hackers to access customers’ databases. The firm released a statement confirming the attack incident, clarifying that only 0.16% of customers were affected by it.
From the statement, Revolut said that upon identifying the attack on their systems, they immediately isolated it to limit the impact. All affected customers have also been contacted, while those not affected have not been sent an email. According to the security authorities in Lithuania, the affected customers summed to about 50,150 individuals.
Security experts have yet to identify the hacking method used by the threat actors to access Revolut’s systems, but they are looking at an angle of social engineering.
The Revolut cyberattack exposed numerous sensitive client data to hackers.
Lithuanian security authorities have listed down the customer data possibly been exposed to hackers. This data includes customers’ full names, postal addresses, email addresses, contact numbers, account data, and a limited portion of payment card details.
Revolut explained that these compromised data vary per affected customer and do not apply to all. Moreover, they noted that the data breach did not include critical banking credentials, such as card details, PINs, and passwords, and that the hackers had not stolen any customer funds.
Adding also to the preventive measures applied by Revolut’s security team, they have keenly monitored each customer account, ensuring that their funds and data are safe from further compromise. Despite these measures, those affected must be extra cautious since their information could be out in the open.
Besides the data breach incident, the customers of Revolut also raised some concerns after receiving inappropriate messages on their website’s support chat. Experts are deliberating whether this separate incident is linked to the recent hack, which could mean that the threat actors have also accessed other parts of the fintech firm’s systems.
In usual cases, cyberattacks often lead to hackers leveraging the stolen data from companies to perform another attack campaign. This recent Revolut cyberattack has already been spotted with a comparable situation upon researchers learning that an ongoing SMS phishing (smishing) campaign is being propagated against Revolut users.
For this reason, all affected customers are informed that Revolut will never ask for their sensitive details, including usernames and passwords. Users are also reminded to be vigilant in entering their details on suspicious web links spread by phishing actors to commit more threatening attacks.
