The personal details of thousands of customers were exposed after digital challenger bank Revolut was hit by a “highly targeted cyber attack”.
The app-based bank, launched in the UK in 2015, admitted that a third party gained access to the personal details of 0.16% of its 20 million customers, but said “no funds have been accessed or stolen”.
A Revolut spokesperson said the company “immediately identified and isolated the attack to effectively limit its impact, and has contacted those customers affected”. It added that customers who have not received an email “have not been impacted”.
“We take incidents such as these incredibly seriously, and we would like to sincerely apologise to any customers who have been affected by this incident, as the safety of our customers and their data is our top priority at Revolut,” said the spokesperson.
In an email to affected customers, Revolut wrote: “As you were part of a very small percentage of affected customers, we want to reassure you that your data is now safe, and we understand that you may have questions about this incident.
“Your money is safe, as always,” it said. “You can use your card and account normally.”
However, it added that there could be a greater risk of fraud for impacted customers. “As a precaution, we have created a dedicated team to monitor your account and keep your money and account safe,” Revolut said. “We recommend that you be especially vigilant for any suspicious activity, including suspicious emails, phone calls or messages.”
Deryck Mitchelson, field chief information security officer at security software company Check Point, said the attack on Revolut appears to be a result of social engineering. “These types of phishing attacks can be very persuasive and can look real, giving them a high chance of success,” he said.
“Now that they do have access to this data, we will probably see a rise in phishing or smishing attempts requesting people to reset passwords or account details,” added Mitchelson. “Any Revolut customers need to be on high alert for unofficial emails or messages that contain malicious links.”
He said the finance and banking sector has always been a hot target for hackers, with Check Point data showing an average of 849 cyber attacks a week over the past six months.