Revolut has experienced a data breach that has exposed the personal details of approximately 50,000 customers globally.
The company reported the cyber attack to the Lithuanian State Data Protection Inspectorate, revealing that the breach occurred through social engineering techniques. The hackers who accessed Revolut’s systems last Sunday were identified and locked out by 2 a.m. on Monday, significantly reducing the potential damage.
Despite this quick response, personal information from around 50,150 customers was compromised, including names, addresses, email addresses, telephone numbers, and portions of payment card details and account information. Of these, 20,687 customers were located in the European Economic Area.
In a letter addressed to the affected customers, which was shared on Reddit, Revolut stated: “We recently received a highly targeted cyber attack from an unauthorized third party that may have gained access to some of your information for a short period of time. You do not need to take any action; however, we wanted to inform you and sincerely apologize for this incident.”
Revolut added that all card data was hashed and that no PINs or passwords were compromised. The company emphasized, “Although your money is safe, you may be at increased risk of fraud. We recommend that you remain particularly vigilant for any suspicious activity, such as unusual emails, phone calls, or messages.”
Some customers expressed dissatisfaction with Revolut’s response. One individual remarked, “I contacted support and asked which EXACT information of mine was stolen, but they couldn’t provide an answer; they just repeated the same message from the email.”
Revolut noted that the breach affected only 0.16% of its 20 million users worldwide.