September 20, 2022

Revolut, a financial technology company, has been the victim of a cyberattack described as “highly targeted.”

According to the Lithuanian Data Protection Authority, where the company holds a banking license, 50,150 customers were affected, with the authority stating that the number of affected customers in the European Economic Area is 20,687 and that only 379 Lithuanian citizens are potentially affected by the incident.

Exposed information includes, according to the Lithuanian Data Protection Authority, e-mail addresses, full names, postal addresses, telephone numbers, limited payment card details and account data.

After the intrusion was detected, the company significantly limited the risk to its customers and isolated the attack by early Monday (2 A.M.). Revolut also formed a special team to monitor customer accounts as a precaution to ensure that both money and data are secure.

Attackers are already using the attack to carry out phishing attacks on Revolut customers, including those who are not affected. As part of the ongoing SMS phishing campaign, Revolut account holders are being tricked with messages that their existing card has been frozen in order to prevent fraud.

Revolut asks users to be “extremely wary” with messages that ask for personal information or passwords, and the company said it would not call customers about the incident or ask for sensitive information.

The sources for this piece include an article in BleepingComputer.