Global bank and financial technology company Revolut was hacked, with more than US$20m stolen.
A flaw in Revolut’s US payment system allowed cyber criminals to steal millions over a period of several months in 2022 before the company could close the loophole. As first reported by The Financial Times, the fintech’s systems failed to pick up on the mass fraud, with the problem only coming to light when a partner bank notified it that it was holding less cash than expected.
The incident underlines the significance of the global increase in cyber attacks and how businesses, especially financial organisations, would benefit from investing more in cybersecurity.
Software vulnerability leaves room for ‘bad actors’
Although the company has not publicly commented on the breach, it has become clear that a software bug allowed users to have a payment declined and then have Revolut refund money that was never sent.
Cyber criminals then began to exploit this problem, not with malware but by encouraging people to make expensive purchases that could be declined. They would then withdraw the refunded money from ATMs, resulting in Revolut losing nearly US$23m.
Sensitive data was accessed as part of the hack, including names, addresses, email addresses and partial payment card information.
As this breach returns to public discussion, concerns have once again arisen about the security of digital banking systems and cyber systems more broadly. With data breaches and cyber threats becoming increasingly sophisticated, ensuring the safety and integrity of sensitive information has become a top priority for businesses.
Protecting customers' data privacy against unauthorised access and defending against vulnerabilities are paramount to ensuring digital safety.
Continued cyber attacks on data threaten financial sector
Ransomware in particular remains a very significant cyber risk to small and medium-sized businesses. Although the number of new variants continues to decline, it has been suggested that the severity of this type of attack remains significant.
Acronis recently confirmed that in the first half of 2023 alone, the number of email-based phishing attacks surged 464% in comparison to 2022. It emphasises the need for continued proactive cyber protection measures to mitigate risk.
The intensification of attacks of this nature can only have devastating implications for fintech companies that do not have the appropriate cybersecurity measures in place. Financial organisations must remain vigilant and up to date.
Businesses can make it more difficult for bad actors by restricting network users and making it easier for security teams to disrupt ransomware or malware attacks.
Revolut is still waiting for confirmation of its banking licence in the UK, more than two years after first announcing its application, according to The Financial Times.