Data stolen in cyber attack on Revolut
HACKERS stole the personal information of more than 50,000 Revolut customers after gaining access to the fintech company’s computer system in a “highly targeted” cyber attack.
Data exposed included some customers’ names, postal addresses, email addresses and phone numbers, as well as partial payment card numbers.
Lithuania, where Revolut holds its banking licence, has opened an investigation into whether its security practices breached the European Union’s data protection laws.
A total of 50,150 customers were affected, Lithuanian regulators said, including around 20,500 customers in the European Economic Area.
Revolut also operates in the UK, where its corporate headquarters is based, as well as the US.
A Revolut spokesman confirmed the bank had “experienced a highly targeted cyber attack” on Sunday night, saying the attack was detected and contained by 2am on Monday.
He added: “This resulted in an unauthorised third party obtaining access to the details of a small percentage (0.16pc) of our customers for a short period of time. No funds have been accessed or stolen. Our customers’ money is safe. All customers can continue to use their cards and accounts as normal.”
Affected customers have been emailed to inform them of the breach, Revolut said. The company has also informed the British Information Commissioner’s Office and the Financial Conduct Authority.
The Lithuanian data protection agency said the cyber attackers were able to get in through a “social engineering” attack, where an employee is targeted and tricked into handing over access to internal company systems.
Under the EU’S GDPR rules, failing to secure customers’ personal data can lead to fines of up to €10m (£9m) or 2pc of global turnover.