- A former Finwise employee accessed sensitive data out of 689,000 people over a year after leaving the company
- The victims probably include those who have loans or FINWISE accounts served by American First Finance, his technological partner
- Fingise hired security experts, informed the authorities and offered credit follow -up
Finwise Bank, a UTAH -based community bank, recently underwent a violation of initiate data when a former employee has accessed data from sensitive customers after the end of his job.
In a new report filed with the Maine Prosecutor General’s Office, Fingise said that the violation had taken place on May 31, 2024, but was discovered more than a year later, on June 18, 2025. In total, sensitive data on 689,000 people were compromised.
Although the deposit does not detail the nature of the stolen files, a letter of notification of data violation, sent to affected individuals, mentions the “complete names” and other “data elements”.
Tricking GPT with a request for “model”
The company did not explain exactly how the ex-employee accessed the files.
Fingise said that data could be linked to American First Finance (AFF), a financial services company that provides alternative funding on consumers, especially for people with limited or mediocre credit history.
Fingise contracts with AF to offer consumer loans to consumers, “said the bank.” In this arrangement, Fingise is the lender and AFR is the technology supplier. Fingise is at the origin of the loan and provides funds to the consumer. ATS is contracted to provide the request platform, facilitate the creation of the loan for Finwise, as well as to serve the loan in the name of Fingise. »»
The bank suggests that those who have had or asked for a finished finance loan, a rental account at the automobile or a retail sales account sales, are the likely victims of this incident.
After discovering the attack, the bank did what all companies face a similar thing: called on third -party security experts to assess the damage and analyze the attack, informed the application of laws and other relevant authorities, contacted the affected people and offered a year of free credit and protection against identity flight. The name of the seller has not been disclosed.
Via Bleeping Compompute
