- A former FINWISE employee accessed confidential data at 689,000 people over a year after leaving the company
- Victims probably include those with loans or end accounts, attended by American First Finance, their technological partner
- Finwise hired security experts, notified the authorities and offered credit monitoring
Finwise Bank, a community -based community bank, recently suffered an internal data violation when a former employee agreed to the confidential data of customers after her job was over.
In a new report presented to the Office of the Attorney General of Maine, Finwise said that the violation occurred on May 31, 2024, but it was discovered more than a year later, on June 18, 2025. In total, the sensitive data on 689,000 people were committed.
Although the presentation does not detail the nature of the stolen files, a letter of data violation, sent to the affected people, mentions “complete names” and other “data elements”.
Decorate GPT with a “model” request
The company did not explain exactly how the former employee agreed to the files.
Finwise said the data could be related to the first US financing (AFF), a financial services company that provides alternative consumer financing, especially for people with limited or deficient credit history.
Finwise hires AFF to offer consumers in installments, “explained the bank.” In this agreement, Finwise is the lender and AFF is the technology provider. Finwise originates the loan and provides funds to the consumer. AFF is hired to provide the application platform, facilitate the origin of the loan for Finwise, as well as the loan service on behalf of Finwise ”.
The bank suggests that those who have requested or requested a loan in installments of Finwise, a lease account to purchase or an account of sale of retail fees, are the possible victims of this incident.
After discovering the attack, the bank did what all companies do when they face a similar thing: brought to third -party security experts to evaluate the damage and analyze the attack, notified the police and other relevant authorities, they communicated with the affected people and offered a year of free monitoring of credit and identity robbery protection. The seller’s name was not revealed.
Through Bleepingcomputer
