Financial technology firm Revolut has suffered a cyberattack that saw sensitive client information accessed by threat actors.
The company has confirmed the “highly targeted” attack, which saw hackers gain access to internal systems through phishing, rather than malware (opens in new tab) or viruses. The access lasted “for a short period of time” during which the details of 0.16% of Revolut’s customers were reportedly accessed.
“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted,” the company said in a statement.
Money is safe
Revolut has a banking license in Lithuania, which is where it had to disclose the breach. In the papers filed to the country’s State Data Protection Inspectorate, 50,150 customers were affected, including 20,687 in the European Economic Area, and 379 in Lithuania itself.
While Revolut says email addresses, full names, postal addresses, phone numbers, some payment data, as well as account data, were stolen (opens in new tab), the details vary from customer to customer. Card details, PINs, or passwords are safe, the company confirmed.
“Our customers’ money is safe – as it has always been. All customers can continue to use their cards and accounts as normal,” the company spokesperson said.
The attack already triggered a second-wave phishing campaign, it was confirmed, with Revolut urging customers to be careful when receiving any communication regarding the breach.
It stressed that it will not call its customers about the incident, and will never ask for sensitive information.
As the incident was reported, some Revolut customers started getting SMS messages claiming their existing cards were frozen to prevent fraud. After that, they’d be redirected to a phishing site where they’d give away more sensitive information, including full payment details.
Via: BleepingComputer (opens in new tab)