FinWise Bank Data Breach Exposes SSNs of Nearly 700,000 American First Finance Customers
A significant data breach originating from FinWise Bank has exposed the sensitive personal information of nearly 700,000 customers of its financial partner, American First Finance (AFF). The incident, attributed to an insider threat, involved a former employee who accessed and copied a file containing a vast amount of customer data after their employment had been terminated.
This breach underscores the growing risk of insider threats, where individuals with legitimate access to internal systems misuse their privileges. According to official notifications, the data was accessed on May 23, 2023, but the breach was not discovered until February 8, 2024—a delay of over eight months.
What Information Was Compromised?
The breach exposed highly sensitive data that could be used for identity theft and financial fraud. Affected individuals should be aware that the following information was included in the compromised file:
- Full Names
- Social Security Numbers (SSNs)
- Loan Account Numbers
- Loan Balances and Original Loan Amounts
The combination of names, SSNs, and specific financial details makes this incident particularly dangerous. Criminals can use this data to apply for new lines of credit, file fraudulent tax returns, or open financial accounts in a victim’s name.
How to Protect Yourself After the Breach
If you are a customer of American First Finance, it is crucial to take immediate steps to protect your financial identity. Even if you have not yet received a notification letter, acting proactively is the best defense.
1. Enroll in the Offered Credit Monitoring
FinWise Bank is offering affected individuals 12 months of free credit and identity monitoring services through TransUnion’s myTrueIdentity. The official notification letter contains instructions and an activation code. Be sure to sign up immediately to receive alerts about any new activity on your credit file.
2. Place a Fraud Alert on Your Credit Reports
A fraud alert is a free notice placed on your credit report that requires creditors to take extra steps to verify your identity before opening a new account. You only need to contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place an alert with all three.
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
- Equifax: 1-800-525-6285
3. Freeze Your Credit (Highly Recommended)
A credit freeze is the single most effective step you can take to prevent criminals from opening new accounts in your name. A freeze restricts access to your credit report, which most creditors require before approving a new application. Freezing and unfreezing your credit is free of charge at all three bureaus and can be done online. This action does not affect your existing credit score or accounts.
4. Scrutinize Your Financial and Loan Statements
Carefully review all your bank, credit card, and loan statements for any unauthorized charges or suspicious activity. Because the breach included specific loan information, criminals may attempt to use this data to impersonate you in communications with lenders.
5. Be Vigilant Against Phishing Scams
Cybercriminals who possess your personal information may use it to create highly convincing phishing emails, text messages, or phone calls. Be suspicious of any unsolicited communication that asks for more personal information or urges you to click a link or download an attachment. Remember that legitimate financial institutions will never ask for your password, SSN, or full account number via email.
This data breach is a serious reminder that personal data is constantly at risk. By taking these protective measures, you can significantly reduce your chances of becoming a victim of identity theft and financial fraud.
Source: https://securityaffairs.com/182222/data-breach/insider-breach-at-finwise-bank-exposes-data-of-689000-aff-customers.html
