Revolut card

UK-based super-app Revolut has fallen victim to a “highly targeted” cyber-attack that may have affected tens of thousands of customers.

“To be clear, no funds have been accessed or stolen. “We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. This resulted in an unauthorised third party obtaining access to the details of a small percentage (0.16%) of our customers for a short period of time.

Fintech company Revolut has suffered a social engineering attack that has exposed the personal data of customers.

[third party gaining access](https://www.cshub.com/attacks/news/ihg-booking-systems-disrupted-in-cyberattack) to Revolut’s database and the personal information of 50,150 users. In comments on the post, however, another Reddit user criticized Revolut for only emailing its affected customers rather than making a public statement. One user, who claimed to have been affected by the incident, shared details of an email they received from the fintech, which stated the “isolated incident” saw Revolut take “immediate action to properly manage...and protect [its] customers”. The State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, [explained in a statement](https://vdai.lrv.lt/lt/naujienos/valstybine-duomenu-apsaugos-inspekcija-pradejo-tyrima-del-revolut-asmens-duomenu-saugumo-pazeidimo) that the breach was [due to a social engineering attack](https://www.cshub.com/attacks/news/oktapus-attack-on-twilio-exposes-data-of-163-companies). [made it onto Reddit](https://www.reddit.com/r/Revolut/comments/xew1w3/revolut_was_hacked/). [during a data breach](https://www.cshub.com/attacks/news/samsung-hit-with-class-action-lawsuit-following-data-breach).

Challenger bank Revolut has fallen victim to a cyber attack, where a third party was able to see users' personal details.

It is also advising customers to watch for suspicious emails, phone calls and text messages to avoid potential phishing scams. The Revolut cyber attack comes in the wake of a number of other high-profile data breaches this month. [Okta](https://www.computing.co.uk/news/4046978/okta-confirms-investigation-potential-breach-lapsususd-group), [Uber](https://www.computing.co.uk/news/4056471/uber-investigating-total-compromise-internal-systems) and Mailchimp, have used this strategy. Revolut discovered the unauthorised access on 10th September, and was able to contain the incident by the following morning. That sounds small, but Revolut claims to have more than 20 million personal banking customers, which would mean at least 32,000 people's details were exposed - and in fact, Revolut itself has admitted the breach has affected more than 50,000 individuals. [hackers compromised data](https://www.bleepingcomputer.com/news/security/revolut-hack-exposes-data-of-50-000-users-fuels-new-phishing-wave/) belonging to 0.16% of its customers"for a short period of time".