The American bank FinWise has warned, on behalf of a partner company, that it suffered a data breach. It is reported that last year a former employee of the financial institution gained access to confidential data even after their employment had ended.
“On May 31, 2024, FinWise experienced a data security incident. A former employee accessed FinWise data after the termination of their employment,” the notice sent by FinWise on behalf of American First Finance (AFF) says.
American First Finance is a company that provides consumer financial products, including installment plans and lease-to-own programs, for a wide range of goods and services. Typically, customers use AFF to apply for and manage credit, while the company handles servicing, account opening, repayment processing, and support.
FinWise partners with AFF and is the bank that funds and originates these loans.
According to a notification filed with the Maine Attorney General’s office, AFF reported that the FinWise breach affected information on 689,000 of its customers. The filing includes a notice letter prepared by FinWise on behalf of AFF, confirming that the bank was the source of the data breach.
FinWise reports that during the breach a former employee gained access to customer information, including full names and other personal data; however, the full list of compromised data is redacted in the document.
The company is not saying how the former employee was able to access the data after being terminated, nor is it disclosing the exact number of people affected by this incident.
The bank emphasizes that after discovering the breach, it launched an investigation involving external cybersecurity specialists to assess the scope of the incident. FinWise also says it has strengthened internal controls to mitigate similar risks in the future.
Affected individuals are being offered 12 months of free credit monitoring and identity theft protection services.