Revolut data breach exposes information for more than 50,000 customers

Fintech start-up Revolut has confirmed the personal information of more than 50,000 users was accessed during a data breach.

The breach, which took place on September 11, involved a third party gaining access to Revolut’s database and the personal information of 50,150 users.

The State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, explained in a statement that the breach was due to a social engineering attack. It went on to say that the data accessed includes names, addresses, email addresses and partial payment card information, although Revolut has stated that card details were masked.

Revolut is currently investigating the attack and is communicating with those customers whose data was accessed during the breach. The Lithuanian government said that Revolut had taken “prompt action to eliminate the attacker's access to the company's customer data and stop the incident” once it was discovered.

Public response to the attack

News of the hack has made it onto Reddit. One user, who claimed to have been affected by the incident, shared details of an email they received from the fintech, which stated the “isolated incident” saw Revolut take “immediate action to properly manage...and protect [its] customers”. 

The email also reassured its recipient that their data, money and account were all safe and further advised them to be “especially vigilant for any suspicious activity, including suspicious emails, phone calls or messages”.

In comments on the post, however, another Reddit user criticized Revolut for only emailing its affected customers rather than making a public statement. Others criticized the non-specific language used in the email, saying that they “just want to know what data was leaked”.