Bank FinWise Issues Alert over Internal Data Leak
In a concerning turn of events, FinWise Bank, a credit lender that partners with American First Finance (AFF) to offer installment loans to consumers, has experienced a data security incident. The incident was discovered over a year later, on June 18, 2025.
The data access that caused the breach was traced back to an external hacker who exploited a vulnerability in the bank's system on May 31, 2024. The threat actor in question had been let go by the bank before the breach occurred, but still had access to sensitive information.
The incident impacted a significant number of customers, with 689,000 individuals affected. The notification letter from FinWise Bank did not reveal the personal information categories beyond customers' full names, which were compromised in the incident.
In response to the incident, FinWise Bank launched an investigation with outside cybersecurity professionals. The bank has also offered affected customers 12 months of free credit monitoring and identity theft protection services.
In light of the incident, Exabeam's Chief Information Security Officer, Kevin Kirkwood, emphasised the importance of organisations prioritising and segmenting access to sensitive information to prevent insider threats. He also recommended that organisations provide clear guidelines on reducing unnecessary or unauthorised access to such information.
Kirkwood further argued that Chief Information Security Officers (CISOs) should invest more in cyber defence and employee education programs, with a focus on AI threats. He stated that 90% of organisations lack the resources to effectively detect and respond to insider threats.
In the wake of the breach, Kirkwood's comments underscore the need for increased vigilance and investment in cybersecurity measures. As a precaution, FinWise Bank customers are urged to place a fraud alert and/or security freeze on their credit files, and obtain a free credit report. They should also regularly review their financial account statements and credit reports for fraudulent or irregular activity.
It's worth noting that 61% of US companies have been hit by insider data breaches, according to a separate report. This underscores the need for organisations to take proactive measures to protect their customers' data.
The incident serves as a reminder for all individuals to remain vigilant and proactive in protecting their personal information. By taking steps such as regularly reviewing account statements, placing fraud alerts, and staying informed about the latest cybersecurity threats, individuals can help protect themselves from potential data breaches.
Read also:
- Goodyear in 2025: Advancement in Total Mobility through the Launch of Kmax Gen-3 by Goodyear
- Electric SUV Showdown: Vinfast VF6 or MG Windsor EV - Your Choice Revealed
- United States Secures $632 Million to Fuel Electric Vehicle Revolution
- IM Motors reveals extended-range powertrain akin to installing an internal combustion engine in a Tesla Model Y
