Massive data breach at American fintech company leaves nearly 700,000 clients affected, courtesy of an internal, malicious act.
In a concerning development, US-based fintech firm FinWise has experienced a data security incident that has impacted approximately 689,000 individuals. The breach, which occurred on May 31, 2024, has raised concerns about the security of customer data and the need for improved offboarding practices.
FinWise contracts with American First Finance (AFF) to offer installment loans to consumers, with FinWise being the lender and AFF the technology provider. However, it appears that a former employee of FinWise enabled access to customer data for several US financial service providers, including JPMorgan Chase, Citigroup, and Wells Fargo, as well as AFF.
The data exposed in the breach included full names and undisclosed "data elements". Some of the impacted data is customer information belonging to American First Finance (AFF). The incident involved a former employee who accessed FinWise data after the end of their employment.
Security experts have repeatedly warned about the increasing threats posed by insider attacks. A recent incident involved a software developer who deployed a "kill switch" to sabotage his former employer's networks. Not all insider threats are intentional; many result from haphazard cyber hygiene practices by individual employees.
Arctic Wolf's 2024 State of Cybersecurity report revealed that 61% of organisations identified insider threats over the course of a year, with 29% resulting in breaches. Similar research from Verizon found 34% of reported breaches were due to insiders. In light of these findings, security experts have called for better offboarding practices at enterprises to prevent workers from turning on their employer once they've left.
FinWise has taken "many precautions" to safeguard customer data following the incident. The company has launched a formal investigation into the matter to determine how the former employee gained access to this data. FinWise is offering free credit monitoring and identity theft protection services to those affected.
This breach comes at a time when the FBI has warned about an 'indiscriminate' Salt Typhoon hacking campaign that has affected organisations in more than 80 countries. Hackers have recently abused ConnectWise ScreenConnect, and the Salesloft Drift hackers had access to the company's GitHub account for months before attacks. Offboarding has been identified as a weak spot for many organisations, and a shift is needed to make it a priority.
As the investigation into the FinWise data breach continues, it serves as a reminder for all organisations to prioritise data security and implement robust offboarding practices to protect sensitive information from potential insider threats.