The online bank Revolut has been the victim of a cyberattack, and the personal data of more than 50,000 customers is now in the wild. The neobank nevertheless wants to be reassuring: customers' funds are safe.
The hackers are clearly back from vacation, and they are not sitting idle. After Uber, Samsung and La Poste Mobile, it is the turn of the online bank Revolut to fall victim to a cyberattack. The neobank told Bleeping Computer that on Sunday, September 11, it detected an “extremely targeted” intrusion into its systems by an unauthorized third party, who was then able to access certain customer data. With 20 million customers spread across the globe, the British online bank is a prime target for hackers. The attacker was able to access e-mail addresses, names, postal addresses and telephone numbers, as well as bank account information and “limited data on payment cards”, for 0.16% of customers. This corresponds to exactly 50,150 customers, including 20,687 in the European Economic Area, as revealed by the State Data Protection Inspectorate in Lithuania, where Revolut holds a banking license. The details of the attack and the identity of its author have not been disclosed, except that the attacker used social engineering to achieve his ends.
Revolut: an increased risk of phishing
The neobank still wanted to be reassuring, saying that credit card numbers, PIN codes and account passwords were not compromised during the attack. The hackers also did not have access to bank accounts. “Our customers’ money is safe – as it always has been. All customers can continue to use their cards and accounts as normal,” a Revolut spokesperson insisted to Bleeping Computer. The firm specifies on Twitter that the affected customers have been contacted directly by e-mail, so those who have received nothing need not panic. It takes the opportunity, however, to point out that the stolen information can help scammers impersonate the online bank itself in order to obtain, this time, passwords or the coveted credit card numbers: the classic phishing attack. This is why it is essential never to communicate personal information by e-mail or by telephone. Revolut will not contact anyone about the cyberattack, so any SMS, e-mail or call about it is fraudulent. If in doubt, call customer service immediately. Cybercriminals seek to exploit their victims' emotions to extract information from them and to trick them into acting without thinking. This is why it is important not to rush and always to check.
This incident comes at a very bad time for Revolut, whose accounts are currently under the spotlight. The firm BDO, which audits the online bank (that is, it examines its accounts and its management), has been called out by the British accounting regulator (FRC), which judges that “the audit team’s overall approach to revenue recognition was inadequate and, therefore, the risk of undetected material misstatement was unacceptably high.” It is therefore possible that there are errors in the reported figures, which could force Revolut to publish its results late. This is bad publicity the online bank could have done without.