Massive data breach at a US fintech company affects over 690,000 customers due to an internal security incident
FinWise Data Breach Affects Over Half a Million Customers
A US-based fintech firm, FinWise, experienced a data security incident on May 31, 2024. The incident involved a former employee of FinWise accessing data after the end of their employment, affecting approximately 689,000 individuals.
In response to the incident, FinWise has taken 'many precautions' to safeguard customer data. The company has launched a formal investigation to determine how the former employee gained access to this data. FinWise is also offering free credit monitoring and identity theft protection services to those affected by the breach.
Data exposed included customer information such as full names and undisclosed 'data elements'. Some of the data impacted includes customer information of American First Finance (AFF), a technology provider that FinWise contracts with to offer installment loans to consumers.
The incident highlights the potential risks of insider attacks for enterprises. Security experts are calling for better 'offboarding' practices at enterprises to prevent workers from turning on their employer once they've left. Josh Kirkwood, senior manager for CyberArk's field technology office, stated that the offboarding process has long been a weak spot for many organizations. He suggested that offboarding should not just be an afterthought, implying a need for a shift in this area.
Not all insider threats are intentional, with haphazard cyber hygiene practices by individual employees potentially causing disaster for enterprises. In a separate incident, a software developer named Davis Lu caused widespread disruption at Eaton Corp by deploying a 'kill switch' to sabotage his former employer's networks.
The FBI has warned about the Salt Typhoon hacking campaign, which has affected organizations in more than 80 countries. Recent cybersecurity experts who have repeatedly warned about the dangerous effects of insider attacks include unnamed IT security specialists cited for warning about data protection problems related to digital identity systems and inadequate security measures, as well as concerns about data leaks and hacker access through private providers managing sensitive personal information.
According to the 2024 Arctic Wolf's State of Cybersecurity report, 61% of organizations identified insider threats over a year. Verizon's research also shows that 34% of reported breaches came as a result of an insider. Moreover, 29% of the identified insider threats in the Arctic Wolf report resulted in breaches.
The FinWise data breach is a reminder of the importance of robust cybersecurity measures and the need for enterprises to prioritize the protection of their customers' data. As the digital world continues to evolve, it is crucial for businesses to stay vigilant against both external and internal threats to maintain the trust and security of their customers.
Read also:
- Ford Discontinues Popular Top-Seller in Staggering Shift, Labeled as a "Model T Event"
- 2025 Witnesses a 27% Surge in Worldwide Electric Vehicle Sales, Despite Opposition to Electrification Policies in the U.S.
- Recorded surge in electric vehicle registrations during the initial half of the year
- Dubai-bound: Omega Seiki Mobility, an electric vehicle company from India, prepares for assembly establishment
