FinWise insider breach exposes 689K American First Finance customers' data
Summary
A former employee of FinWise Bank accessed sensitive customer files after the end of their employment, impacting 689,000 American First Finance (AFF) customers. The breach, which occurred on May 31, 2024, involved personal data, including full names, and went undetected for over a year. FinWise has strengthened internal controls and is offering credit monitoring services to affected individuals. The breach was discovered on June 18, 2025, and was disclosed in September 2025. The incident has led to multiple class-action lawsuits alleging inadequate encryption and security measures. FinWise Bank partners with AFF to originate and fund loans. The breach was discovered and investigated with the help of external cybersecurity professionals. The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.
Timeline
22.10.2025 18:11 · 1 article
Legal and regulatory scrutiny intensifies over potential encryption failures
FinWise Bank's failure to implement basic safeguards and potentially poor encryption practices has led to legal action and regulatory scrutiny. The breach highlights the need for robust defense strategies against both external attacks and insider threats. The article promotes Penta Security's D.AMO as a comprehensive data security platform that could have mitigated the impact of the breach.
Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
15.09.2025 21:18 · 2 articles
FinWise insider breach impacts 689K American First Finance customers
The breach was discovered on June 18, 2025, and FinWise notified affected customers in June 2025. Lawsuits allege that the stolen data may not have been adequately encrypted and secured, leading to public criticism and regulatory scrutiny. Security experts stress the need for proactive detection and prevention of abnormal access attempts. The breach went undetected for over a year after the initial unauthorized access on May 31, 2024.
Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Information Snippets
FinWise Bank experienced a data breach on May 31, 2024, involving a former employee.
First reported: 15.09.2025 21:18 (1 source, 2 articles). Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
The breach impacted 689,000 customers of American First Finance (AFF).
First reported: 15.09.2025 21:18 (1 source, 2 articles). Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Exposed data includes full names and other personal information.
First reported: 15.09.2025 21:18 (1 source, 2 articles). Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
FinWise has strengthened internal controls and is offering 12 months of free credit monitoring and identity theft protection services to affected individuals.
First reported: 15.09.2025 21:18 (1 source, 1 article). Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
The breach has led to multiple class-action lawsuits against FinWise.
First reported: 15.09.2025 21:18 (1 source, 2 articles). Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.
First reported: 15.09.2025 21:18 (1 source, 1 article). Sources:
- FinWise insider breach impacts 689K American First Finance customers — www.bleepingcomputer.com — 15.09.2025 21:18
The breach was discovered on June 18, 2025, and FinWise notified affected customers in June 2025.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
The breach went undetected for over a year after the initial unauthorized access on May 31, 2024.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Lawsuits allege that the stolen data may not have been adequately encrypted and secured.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Security experts emphasize that a well-designed information protection framework must proactively detect and prevent abnormal access attempts.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
FinWise Bank's failure to implement basic safeguards and potentially poor encryption practices has led to legal action and regulatory scrutiny.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Encryption serves as the last line of defense for data, but true data protection requires key management and access control measures.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Effective key management could have lowered the risk of data misuse, safeguarding sensitive information from further exploitation.
First reported: 22.10.2025 18:11 (1 source, 1 article). Sources:
- FinWise data breach shows why encryption is your last defense — www.bleepingcomputer.com — 22.10.2025 18:11
Similar Happenings
Sotheby's data breach exposes employee financial information
Sotheby's, a leading global auction house, detected a data breach on July 24, 2025, where threat actors stole sensitive employee information, including financial details. The breach was discovered in July 2025, but the investigation took two months to determine the extent of the data stolen and the individuals impacted. The exposed information includes full names, Social Security numbers (SSNs), and financial account information. The total number of impacted individuals remains undisclosed, but at least four individuals in Maine and Rhode Island were affected. Sotheby's has offered a 12-month free identity protection and credit monitoring service through TransUnion to affected employees.
WestJet data breach impacts 1.2 million customers
WestJet, a major Canadian airline, has confirmed that a cyberattack on June 13, 2025, compromised the personal information of 1.2 million customers. The breach involved the theft of travel documents, including passports and ID documents. The attackers gained access to the network through a Citrix system after resetting an employee's password via social engineering. The breach was attributed to threat actors associated with Scattered Spider, although no official attribution has been made. The compromised data includes full names, dates of birth, mailing addresses, travel documents, requested accommodations, filed complaints, WestJet Rewards Member IDs, and details of WestJet RBC Mastercard information. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised. The airline is working with the FBI and has offered a free 2-year identity theft protection and monitoring service to affected customers. The breach was first identified on June 13, 2025, and the data breach notification was sent to the Office of the Maine Attorney General on September 29, 2025.
Akira Ransomware Group Disables KNP Logistics Group with Weak Password Exploit
The Akira ransomware group successfully breached KNP Logistics Group (formerly Knights of Old) in June 2025. The attackers exploited a weak employee password to gain access to the company's internet-facing systems. Once inside, they deployed ransomware, encrypted critical data, and destroyed backups, leading to the company's collapse. The incident resulted in the loss of 700 jobs and significant economic impact in Northamptonshire. The attack underscores the critical importance of strong password policies and multi-factor authentication (MFA) in preventing ransomware attacks. The breach highlights the persistent risk posed by weak passwords, with 45% of compromised passwords crackable within a minute. The attack also demonstrates the broader consequences of ransomware attacks, including job losses and economic disruption.
RaccoonO365 Phishing Network Disrupted by Microsoft and Cloudflare
The RaccoonO365 phishing network, a financially motivated threat group, was disrupted by Microsoft's Digital Crimes Unit (DCU) and Cloudflare. The operation, executed through a court order in the Southern District of New York, seized 338 domains used by the group since July 2024. The network targeted over 2,300 organizations in 94 countries, including at least 20 U.S. healthcare entities, and stole over 5,000 Microsoft 365 credentials. The RaccoonO365 network operated as a phishing-as-a-service (PhaaS) toolkit, marketed to cybercriminals via a subscription model on a private Telegram channel. The group used legitimate tools like Cloudflare Turnstile and Workers scripts to protect their phishing pages, making detection more challenging. The mastermind behind RaccoonO365 is believed to be Joshua Ogundipe, who received over $100,000 in cryptocurrency payments. The group is also suspected to collaborate with Russian-speaking cybercriminals. Cloudflare executed a three-day 'rugpull' against RaccoonO365, banning all identified domains, placing interstitial 'phish warning' pages, terminating associated Workers scripts, and suspending user accounts to prevent re-registration.
BreachForums Administrator Fitzpatrick Resentenced to Three Years in Prison
Conor Brian Fitzpatrick, alias Pompompurin, the administrator of the BreachForums hacking forum, has been resentenced to three years in prison. Fitzpatrick was initially sentenced to time served and 20 years of supervised release, but this was overturned due to violations of pretrial release conditions. BreachForums was a significant platform for trading and selling stolen data and access to corporate networks. Fitzpatrick's resentencing follows his guilty pleas to charges of conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of child sexual abuse material (CSAM). The forum's activities included the sale and trade of stolen data from various sectors, including telecom providers, social networks, healthcare companies, investment firms, and government agencies. Fitzpatrick agreed to forfeit over 100 domain names, a dozen electronic devices, and cryptocurrency used in the operation of BreachForums. The U.S. Court of Appeals for the Fourth Circuit vacated Fitzpatrick's prior sentence on January 21, 2025. BreachForums had over 14 billion individual records at its peak and was relaunched multiple times despite efforts to shut it down. The original BreachForums database was leaked in July 2024, exposing members' information. ShinyHunters claimed the forum was compromised and under the control of international law enforcement in August 2025. The copycat forum went offline in September 2025, stating they have "decided to go dark" along with 14 other e-crime groups.