FinWise Bank, a US-based fintech providing banking services and technology solutions, disclosed a data breach involving a former employee who may have accessed or acquired personal information of nearly **689,000 customers** after leaving the company. The incident occurred on **May 31, 2024**, but was only detected on **June 18, 2024**. The compromised data belonged to customers of **American First Finance (AFF)**, a poor-credit lender partnered with FinWise for installment loans. While the exact types of exposed data were redacted, the breach prompted FinWise to offer **12 months of free credit monitoring and identity theft protection** to affected individuals. An internal investigation, assisted by external cybersecurity experts, confirmed unauthorized access to files containing personal information. The incident highlights risks posed by **malicious insiders**, a growing concern across industries, with recent cases involving bribery, corporate espionage, and accidental data leaks via misdirected emails. FinWise has not disclosed further details, but the breach underscores gaps in **post-employment access controls** and **insider threat mitigation** strategies.
Source: https://www.theregister.com/2025/09/15/finwise_insider_data_breach/
TPRM report: https://www.rankiteo.com/company/finwise-bank
"id": "fin2192221091525",
"linkid": "finwise-bank",
"type": "Breach",
"date": "5/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': '689,000',
                        'industry': 'Financial Services',
                        'location': 'Utah, USA',
                        'name': 'FinWise Bank',
                        'type': 'Fintech / Bank'},
                       {'customers_affected': 'Included in 689,000 (exact '
                                              'number unspecified)',
                        'industry': 'Financial Services (Poor-Credit Lending)',
                        'name': 'American First Finance (AFF)',
                        'type': 'Lender'}],
 'attack_vector': 'Malicious insider (former employee)',
 'customer_advisories': 'Notification letters sent to 689,000 affected '
                        'customers',
 'data_breach': {'data_exfiltration': "Possible (data 'may have been accessed "
                                      "or acquired')",
                 'number_of_records_exposed': '689,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (personal information; exact '
                                        'types redacted)'},
 'date_detected': '2024-06-18',
 'description': 'A former employee of FinWise Bank, a US-based fintech '
                'providing banking services and technology solutions, may have '
                'accessed or acquired customer data after leaving the company. '
                'The incident, detected on June 18, 2024, involved data '
                'belonging to ~689,000 customers, including those of American '
                'First Finance (AFF), a poor-credit lender partnering with '
                'FinWise for installment loans. Affected individuals were '
                'offered 12 months of free credit monitoring and identity '
                'theft protection. The types of compromised data were redacted '
                'from public filings.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'insider breach and lack of '
                                       'transparency (data types redacted)',
            'data_compromised': True,
            'identity_theft_risk': 'High (credit monitoring offered to 689,000 '
                                   'affected individuals)'},
 'initial_access_broker': {'entry_point': 'Post-employment access by former '
                                          'employee',
                           'high_value_targets': 'Customer personal '
                                                 'information (AFF data '
                                                 'included)'},
 'investigation_status': 'Completed (forensic investigation and manual '
                         'document review concluded by June 18, 2024)',
 'motivation': 'Unknown (potentially malicious or unauthorized access '
               'post-employment)',
 'post_incident_analysis': {'root_causes': 'Insufficient post-employment '
                                           'access controls; potential lack of '
                                           'insider threat monitoring'},
 'recommendations': ['Improve internal security culture to counter insider '
                     'risks (per RUSI recommendations)',
                     'Amalgamate insider threat indicators across departments '
                     'via a dedicated working group',
                     'Enhance trust-building measures within the organization'],
 'references': [{'source': 'The Register'},
                {'source': "Maine Attorney General's Office Filing"}],
 'regulatory_compliance': {'regulatory_notifications': 'Filing submitted to '
                                                       "Maine's Attorney "
                                                       "General's Office"},
 'response': {'communication_strategy': 'Customer notification letters sent; '
                                        "public filing with Maine's Attorney "
                                        "General's Office (redacted details)",
              'incident_response_plan_activated': True,
              'recovery_measures': '12 months of free credit monitoring and '
                                   'identity theft protection offered to '
                                   'affected customers',
              'third_party_assistance': 'Outside cybersecurity professionals '
                                        'consulted for forensic investigation'},
 'threat_actor': 'Former FinWise Bank employee',
 'title': 'FinWise Bank Insider Data Breach Affecting Nearly 700,000 Customers',
 'type': 'Insider Threat / Data Breach'}