Digital bank Revolut is being investigated by a regulator in Lithuania following a data breach earlier this month that exposed sensitive information on 50,150 customers, including those in the European Economic Area (EEA).
The State Data Protection Inspectorate (SDPI) opened an investigation after being alerted of a personal data breach (PDB) from Revolut, according to a statement from the regulator. Preliminary data showed that an unknown actor likely gained access to the Revolut database by using malicious social engineering tactics.
See also: Cash App, Block Accused of Negligence in Class Action Over Breach
Of the customers exposed worldwide, 20,687 were from the EEA and 379 were from Lithuania, according to the statement. Data potentially affected includes names, addresses, e-mail addresses, telephone numbers, part of the payment card data and other account details.
Revolut told SDPI that it is in communication with affected customers and is continuing its investigation into the incident. Customers are informed of the PDB by email and Revolut said that it will not call or send SMS messages to its customers or ask for login data or access codes due to the breach.
Read more: Uber Points to Lapsus$ Gang as Reason for Breach
The SDPI launched the investigation into Revolut’s PDB to assess whether there was a violation of the provisions of the General Data Protection Regulation (GDPR), according to the statement. The regulator said its investigation is ongoing.
“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted,” Revolut said in a statement emailed to multiple media outlets.
PYMNTS has reached out to Revolut for comment.
Related: Cybersecurity Breach at Samsung Exposes US Customer Personal Info
In a letter to customers affected by the hack that was posted on Reddit, Revolut reportedly said: “We recently received a highly targeted cyber attack from an unauthorised third party that may have gained access to some of your information for a short period of time.
“You do not need to take any action, however we wanted to let you know, and sincerely apologize for this incident. Although your money is safe, you may be at increased risk of fraud. We recommend that you be especially vigilant for any suspicious activity, including suspicious emails, phone calls or messages.”
For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More