A Former Employee of FinWise Bank Accessed Data of 689,000 Customers

A Former Employee of FinWise Bank Accessed Data of 689,000 Customers

American bank FinWise has disclosed a data breach affecting hundreds of thousands of customers, carried out by a former employee who accessed confidential information after leaving the company.

Incident Details

According to a notification issued by FinWise on behalf of its partner American First Finance (AFF), the breach occurred on May 31, 2024, when a former employee accessed bank data after their employment had ended.

AFF provides consumer financial products such as installment plans and rent-to-own programs for a variety of goods and services. Customers typically apply for and manage loans through AFF, while FinWise serves as the funding bank, issuing and servicing the loans.

Scope of the Breach

A notice filed with the Maine Attorney General’s Office states that the incident exposed data belonging to approximately 689,000 AFF customers. A copy of the notification letter, prepared by FinWise on behalf of AFF, confirms that the bank was the source of the breach.

The document indicates that the former employee accessed customer records, including full names and other personal information. However, the complete list of compromised data has been redacted.

Unanswered Questions

Neither FinWise nor AFF has explained how the former employee retained access to the bank’s systems after termination. The companies also stopped short of confirming the exact number of individuals impacted, despite the figure cited in regulatory filings.

Response and Mitigation

FinWise says it launched an investigation with the assistance of external cybersecurity specialists to assess the breach’s scope. The bank also reports strengthening its internal controls to reduce the risk of similar incidents in the future.

Affected customers are being offered 12 months of free credit monitoring and identity theft protection services.