Wednesday, September 28, 2022
Home Tech News Revolut hit by cyberattack affecting 50,000 users

Revolut hit by cyberattack affecting 50,000 users

British fintech company Revolut has confirmed it was the victim of a “highly targeted cyberattack” that resulted in the perpetrator gaining access to tens of thousands of users’ personal data.

A spokesperson from Revolut told UKTN that an “unauthorised third party” obtained access to the data of 32,000 customers, which translates to 0.16% of its customer base, “for a short period of time”.

In total just over 50,000 users had their data compromised, but some 18,000 of those were people that had registered for a Revolut account but had not completed the sign-up process.

Compromised customer data included names, email addresses, date of birth, phone numbers and mobile device type, the spokesperson told UKTN. No payment details or passwords were accessed, Revolut said. 

“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted,” Revolut said in a statement.

The spokesperson said that “no funds have been accessed or stolen” and that customers can “continue to use their cards and accounts as normal”.

Revolut’s last publically available figures put its customer base at around 20 million, although UKTN understands that number is now closer to 23 million.

The cyberattack took place late on 10 September and was shut down by Revolut at approximately 02:00am the next morning. It stemmed from a Revolut employee being compromised by a phishing scam, in which an attacker sends a legitimate-looking message to trick the target into revealing sensitive information.

The attacker then used the employee’s stolen information to gain access to Revolut systems.

Revolut has been investigating the situation closely and is working with the Information Commissioner’s Office (ICO) and other authorities on the matter.

Revolut has also advised customers to be vigilant of suspicious emails, phone calls, and texts to avoid potential phishing scams following the attack.

Revolut said it is providing a free Experian security check service to affected customers.

Wave of cyberattacks

The Revolut cyberattack follows several other high-profile data breaches in September. Ride-sharing company Uber was the victim of an attack last week, which the company has said is connected to the hacker group Lapsus$.

Lapsus$ is thought to be in part based in the UK and was also linked to a recent data attack against video game company Rockstar. The attack saw dozens of images and videos of the studio’s upcoming game Grand Theft Auto VI being leaked.

“Users need to be extremely mindful of follow-up attacks where scammers could message claiming to be from Revolut as this type of information grabbing is typical in the aftermath of such a hack,” Jake Moore, global cybersecurity advisor at ESET, told UKTN. “Even though passwords are protected, it can often be peace of mind to change it just in case it is later discovered that more was compromised. It is vital customers keep their sensitive data and passcodes private however sure they might be that they are talking to advisors.”

- Advertisment -

Most Popular

Former Calgary Dino now a rookie with NFL’s Los Angeles Chargers

Canadian Deane Leonard has certainly taken the path less travelled to the NFL’s Los Angeles Chargers. The 22-year-old cornerback is in his rookie season with...

‘Impact success!’ Nasa spacecraft smashes asteroid in first ever ‘planetary defence test’

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video Nasa has successfully crashed a spacecraft into a small asteroid...

TikTok could face £27m fine for failing to protect children’s privacy

TikTok could face £27m fine for failing to protect children’s privacyInvestigation finds video-sharing app may have breached UK data protection law between 2018 and...

Eight states sue crypto lender Nexo over security sales and misleading marketing

/ New York’s attorney general alleges that the company’s Earn Interest Product was a security, one that the company wasn’t registered to sell,...