Switzerland’s most popular neo-bank affected: hackers steal tens of thousands of customer data from Revolut
Criminals have stolen customer data from Revolut. The extent of the hack at Switzerland’s most popular smartphone bank is still being clarified. But the situation is said to be under control again and no passwords or customer funds have been stolen.
The smartphone bank Revolut claims to have been the victim of a cyber attack. This emerges from a communication from the British fintech to the supervisory authorities in Lithuania. According to initial information, personal information has been stolen, but not passwords or customer funds. The British fintech startup Revolut works in Europe with a banking license from Lithuania. In Germany, Revolut is the most popular neo-bank and competes with other start-ups such as Neon, Yapeal or apps from established banking institutions such as CSX (Credit Suisse), Yuh (Postfinance and Swissquote) or Zak (Bank Cler).
Revolut spokesman Michael Bodansky told the TechCrunch portal that …
“…an unauthorized third party gained access to the data of a small percentage (0.16 percent) of our customers for a short period of time”.
Revolut discovered the malicious access late in the evening of September 11 and was able to isolate the attack by the next morning. The notice to regulators said Revolut’s security team acted quickly to stop access to the company’s customer data.
50,150 customers affected
However, the Revolut spokesman did not want to say exactly how many customers were affected. On its website, the company states that it has about 20 million customers in total; 0.16 percent would correspond to 32,000 customers.
However, in Revolut’s communication to the Lithuanian authorities, the company states that 50,150 customers were affected by the security breach. And: All affected users have already been informed about the incident by e-mail.
Warning about phishing attacks
According to the Lithuanian data protection authority, more than 20,687 of these users come from the EU area. According to its own statements, the authority has started an investigation into the data leak. And in its message for an initial assessment of the situation, it warns that phishing campaigns could now be started with the captured data. This with the aim of obtaining even more sensitive data. Revolut also warned its customers of such phishing attacks.
In a message posted on Reddit, Revolut writes that…
«… no card data, PINs or passwords were tapped».
However, the company’s statement states that the hackers probably accessed part of the card payment data as well as the names, addresses, email addresses and telephone numbers of the customers.
No Swiss banking license
Revolut does not have its own banking license in Switzerland, but has an account with the major bank Credit Suisse. There, customers can deposit their transfers into the Revolut account. The second-largest fin-tech in Europe offers various cards for its e-money account, such as from Mastercard, Maestro or Visa. The e-money account is only managed in an app. Revolut does not know any bank counters.
With favorable conditions and good exchange rates, the Neo-Bank is particularly positioned as an alternative for trips abroad or international transfers. According to its own information, Revolut has hundreds of thousands of customers in Switzerland. Most recently, the local media reported about half a million Swiss e-money accounts in the summer. (dpa/sat)