Digital bank Revolut is being investigated by a regulator in Lithuania following a data breach earlier this month that exposed sensitive information on 50,150 customers, including those in the European Economic Area (EEA).
The State Data Protection Inspectorate (SDPI) opened an investigation after being alerted of a personal data breach (PDB) from Revolut, according to a statement from the regulator. Preliminary data showed that an unknown actor likely gained access to the Revolut database by using malicious social engineering tactics.
Of the customers exposed worldwide, 20,687 were from the EEA and 379 were from Lithuania, according to the statement.Data potentially affected includes names, addresses, e-mail addresses, telephone numbers, part of the payment card data and other account details.
Revolut told SDPI that it is in communication with affected customers and is continuing its investigation into the incident. Customers are informed of the PDB by email and Revolut said that it will not call or send SMS messages to its customers or ask for login data or access codes due to the breach.
The SDPI launched the investigation into Revolut’s PDB to assess whether there was a violation of the provisions of the General Data Protection Regulation (GDPR), according to the statement. The regulator said its investigation is ongoing.
“We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted,” Revolut said in a statement emailed to multiple media outlets.
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.