A data breach at FinWise Bank, caused by a former employee who retained access to their systems, has exposed the personal data of approximately 689K American First Finance customers. The bank is now providing affected individuals with free credit monitoring and identity theft protection for 12 months.
A former FinWise Bank employee caused an insider data breach, exposing the information of 689,000 American First Finance customers. FinWise, a Utah-based and FDIC-insured community bank, has a business partnership with AFF where it funds consumer loans while AFF handles the application and servicing aspects. The breach was discovered on May 31, 2024, and the bank promptly notified the Maine Attorney General.
The investigation, which included external cybersecurity experts, found that the ex-employee was able to access sensitive AFF data even after their employment ended. The bank’s notification didn’t include details about the technical aspects of the security failure or whether the former employee’s actions were deliberate or simply the result of negligence. It remains unclear if any data beyond the AFF records was accessed.
The personal information exposed in the breach may be connected to FinWise loans, AFF lease-to-own accounts, or retail installment sales agreements. The full scope of the breach is still being determined, but the bank’s notification to the Maine Attorney General confirms the impact on American First Finance’s data.
The official notification from FinWise Bank stated, “On May 31, 2024, FinWise experienced a data security incident involving a former employee who accessed FinWise data after the end of their employment. Some of the data impacted includes American First Finance’s (“AFF’s”) data.” It further clarified the business relationship, noting that FinWise acts as the lender while AFF serves as the technology provider.
To assist the affected individuals, FinWise Bank is offering 12 months of free credit monitoring and identity theft protection services. This step is a common practice for companies to help mitigate the potential fallout from a data breach and provide a layer of security for those whose information may have been compromised.
Reference:
