UK Fintech Revolut has been hit by a cyberattack that exposed the data of over 50,000 customers, Which? Money reports, putting users at increased risk of identity theft and fraud.
Now in its seventh year, Revolut has amassed more than 20 million global customers to date, with 4.8 million in the UK – its biggest market. The company was hit by a data breach late at night on Sunday 11 September, which it says affected less than 1% of its customer base.
The breach was identified by the early hours of Monday morning, however, personal data including customer contact details and account data had already been compromised.
In an e-mail to affected customers, the fintech says that while their money is safe and no card details, PINs or passwords were accessed, some individuals may be vulnerable to fraud and phishing attacks.
A Revolut spokesperson says: “Revolut recently experienced a highly targeted cyber-attack. This resulted in an unauthorised third party obtaining access to the details of a small percentage (0.16%) of our customers for a short period of time.
“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted.
“To be clear, no funds have been accessed or stolen. Our customers’ money is safe – as it has always been. All customers can continue to use their cards and accounts as normal.”
The company has set up a dedicated team to monitor affected accounts, which, according to the Lithuanian data protection authority, may be as many as 50,150 customers around the world.
Revolut is working with the Information Commissioner’s Office in the UK, as well as other regulators and relevant authorities, as investigations proceed.