In the last several months, a number of tech companies and crypto exchanges have been compromised in a series of global cyber attacks. Revolut, a FinTech banking startup, is the latest victim of these attacks. 

According to a spokesperson, an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period of time,” but Revolut managed to quickly contain the attack.

Similar to recent attacks on MailChimp, Twilio, and Uber, the threat actor used social engineering to persuade an employee to hand over sensitive information such as their password.

It is unknown exactly how many customers were impacted, but according to its breach disclosure to the Lithuanian authorities, where the company has a banking license, 50,150 customers appear to have been impacted by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens. 

He continued: “We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted.”

In its email to the affected customers, which a user posted on Reddit, the company said that “no card details, PINs or passwords were accessed.” However, the breach disclosure states that hackers likely accessed partial card payment data, along with customers’ names, addresses, email addresses and phone numbers.

Revolut further warns that the breach triggered a phishing campaign, and informed customers that it will not call or send SMS messages asking for login data or access codes. 

The company also formed a dedicated team to monitor customer accounts and make sure that both their money and data are safe.