{"id":2835,"date":"2025-09-16T09:51:42","date_gmt":"2025-09-16T09:51:42","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/09\/16\/finwise-bank-warns-of-insider-data-breach\/"},"modified":"2025-09-16T09:51:42","modified_gmt":"2025-09-16T09:51:42","slug":"finwise-bank-warns-of-insider-data-breach","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/09\/16\/finwise-bank-warns-of-insider-data-breach\/","title":{"rendered":"FinWise Bank Warns of Insider Data Breach"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A US fintech player has notified customers that their personal information may have been compromised after a former employee accessed it.<\/p>\n<p>The incident at FinWise Bank occurred on May 31\u00a02024, but wasn\u2019t discovered until over a year later,\u00a0on June 18\u00a02025, according to a filing with the Office of the Maine Attorney General.<\/p>\n<p>\u201cFinWise experienced a data security incident involving a former employee who accessed FinWise data after the end of their employment,\u201d the breach notification letter reads.<\/p>\n<p>\u201cSome of the data impacted includes American First Finance\u2019s (AFF\u2019s) data.\u201d<\/p>\n<p>FinWise works with credit lender AFF to offer installment loans to consumers.<\/p>\n<p><em>Read more on insider threats: 61% of US Companies Hit by Insider Data Breaches<\/em><\/p>\n<p>According to the notification, 689,000 FinWise\/AFF customers were impacted by the insider incident. In the notification letter, FinWise redacted most of the personal information categories relevant to the case, revealing only that customers\u2019\u00a0full names were compromised.<\/p>\n<p>\u201cUpon learning of the incident, FinWise immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to help determine whether any sensitive data had been accessed by the former FinWise employee after the end of their employment,\u201d it added.<\/p>\n<p>Utah-headquartered FinWise has offered affected customers 12 months of free credit monitoring and identity theft protection services, and urged them to place a fraud alert and\/or security freeze on credit files, as well as obtain a free credit report.<\/p>\n<p>\u201cAdditionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis,\u201d it added.<\/p>\n<h2>Most Firms Lack Insider Threat Detection<\/h2>\n<p>Exabeam CISO, Kevin Kirkwood, claimed 90% of organizations lack the resources to effectively detect and respond to insider threats.<\/p>\n<p>\u201cOrganizations must do a better job of prioritizing and segmenting access to sensitive information to prevent one person from being able to access any and all information,\u201d he added.<\/p>\n<p>\u201cIn this case, the threat actor responsible had been let go by FinWise prior to the breach occurring, yet still had the knowledge needed to steal hundreds of thousands of client records.\u201d<\/p>\n<p>Kirkwood argued that CISOs should combine more investment in cyber defense with improved education programs for employees \u2013 keeping AI threats front of mind.<\/p>\n<p>\u201cOrganizations must provide clear guidelines on reducing unnecessary or unauthorized access to sensitive information,\u201d he explained.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A US fintech player has notified customers that their personal information may have been compromised after a former employee accessed it. The incident at FinWise Bank occurred on May 31\u00a02024, but wasn\u2019t discovered until over a year later,\u00a0on June 18\u00a02025, according to a filing with the Office of the Maine Attorney General. \u201cFinWise experienced a<\/p>\n","protected":false},"author":2,"featured_media":2836,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2835","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2835-cb9cc840-fe4b-4e44-a179-d3870dbd876f-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2835"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2835\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2836"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}