Oh boy! Have we been stressed when learned the news. 😵
Both Revolut, an online banking and investing solution, and Chase, app-only bank, have been targets of cyberattacks this past month. Both companies struggled to respond to hackers’ attacks: however, officially only Revolut has ended up by leaking clients’ personal data. Chase’s outage lasted more than 24 hours. In this article we have gathered all necessary information for you to learn everything about the data leak.
September 15, Revolut Intrusion
Founded in 2015, Revolut is a Lithuanian financial technology company that has seen rapid growth, now offering banking, money management, and investment services to customers all over the world.
As shared by Revolut itself, on September 15, 2022, the company suffered a cyber attack. This attack has resulted in a threat actor gaining access to an undisclosed amount of data and functionality. Some customers have seen inappropriate messages being displayed in the app at the moment of the incident.
According to the information, given to Lithuania’s State Data Protection Inspectorate, where Revolut has a banking license, 50,150 customers have been impacted.
Revolut claims that the number of affected customers in the European Economic Area is 20,687, and just 379 Lithuanian citizens are potentially impacted by this incident.
It is still not known how exactly the hacker gained access to the database but it appears that the attacker relied on social engineering.
The likely exposed information, according the Lithuanian data protection agency, includes:
- Email addresses
- Full names
- Postal addresses
- Phone numbers
- Limited payment card data
- Account data
Sensitive financial data, like CVV or PIN or passwords have not been exposed.
The company reacted quickly to the intrusion and formed a dedicated team tasked with monitoring customer accounts, to make sure that both money and data are safe.
Users are advised to be “extremely wary” of any messages requesting personal details or passwords. Revolut will not call customers about the incident and will never ask for sensitive information.
Even though Revolut has responded fast to the incident, their clients are not at all happy. Most of the users feel like their chosen banking solution is hiding the details of the incident, by not officially releasing a statement detailing what happened and what data leaked. Revolut has given this information to government officials, but has it informed its customers?
Here are some of the comments we have found on Reddit that show the general mood:
We’ve been shocked to find a post possibly directly related to the Revolut cyber security incident. A US student has shared that he has been tricked by phone scammers, who presented themselves as Revolut staff. As they possessed the Revolut customer’s personal information, they easily convinced the client to send money to a third-party account, saying that this way he/she might secure the funds.
We wonder if this user is actually among those 50,150 customers who’s data was leaked – and if so, why Revolut hasn’t notified them.
The Kaduu Team advise you to stay vigilant, especially if you are a customer of an online banking solution, like Revolut. Phone scams and phishing remain the most popular ways of hacking individuals, so be sure not to trust anyone you don’t know who phones you and always verify the URL you’re visiting.
Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.