Revolut hacked as cyber criminals steal US$20m

Fintech Revolut, found itself at the mercy of hackers in 2022, further stressing the significance of trying to curb the spread of global cyber attacks

Global bank and financial technology company Revolut was hacked, resulting in more than US$20m having been stolen.

A flaw in Revolut’s US payment system allowed cyber criminals to steal millions over a period of several months in 2022 before the company could close the loophole. As first reported by The Financial Times, the fintech’s systems failed to pick up on the mass fraud, with the problem only coming to light when a partner bank notified it that it was holding less cash than expected.

This situation stresses the significance of increased global cyber attacks and how businesses - especially financial organisations - would benefit from investing more into cybersecurity.

Software vulnerability leaves room for ‘bad actors’

Despite the breach not being publicly commented on by the company, it has become clear that there was a cyber bug that allowed users to have a payment declined and then have Revolut refund the money that was never sent. 

Cyber criminals then began to exploit this problem, without the use of malware, but rather encouraging people to make expensive purchases that could be declined. They would then withdraw the refunded money from ATM machines, resulting in Revolut losing nearly US$23m.

Sensitive data was accessed as part of the hack, including names, addresses, email addresses and partial payment card information.

As this breach returns to public discussion, concerns have yet again risen about the security of digital banking systems and cyber systems more broadly. With data breaches and cyber threats becoming increasingly sophisticated, ensuring the safety and integrity of sensitive information has become a top priority for businesses.

Protecting the data privacy of customers, against unauthorised access and defending against vulnerabilities is paramount to ensure digital safety.

Continued cyber attacks on data threaten financial sector

Ransomware in particular remains a very significant cyber risk to small and medium-sized businesses. Although the number of new variants continues to decline, it has been suggested that the severity of this type of attack remains significant.

Acronis in particular recently confirmed that in the first half of 2023 alone, the number of email-based phishing attacks surged 464% in comparison to 2022. It emphasises the need for continued proactive cyber protection measures to mitigate risk.

Attacks of this nature intensifying can only have devastating implications for fintech companies if they do not have the appropriate cybersecurity measures in place. Financial organisations must continue to remain vigilant and up-to-date.

Businesses can make it more difficult for bad actors by restricting network users and making it easier for security teams to disrupt ransomware or malware attacks.

Revolut is still waiting for confirmation of its banking licence in the UK, more than two years after first announcing its application, according to The Financial Times.


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI