- A former Finway employee gained access to sensitive data about 689,000 people more than one year after leaving the business
- Victims probably include those with fine wise loans or accounts serviced by American First Finance, its technology partner
- Finwise hired security experts, notified authorities and offered credit monitoring
Finwise Bank, an UTAH-based community bank, recently suffered an insider data violation when a former employee gained access to sensitive customer data after their employment was completed.
In a new report filed with the Maine Attorney General Office, Finwise said the violation happened on May 31, 2024, but was discovered more than a year later, on June 18, 2025. In total, sensitive data of 689,000 people was compromised.
While the filing does not describe the nature of the stolen files, a review of data violation sent to affected persons, “full names” and other “data elements”.
Fool gpt with a “mock-up” request
The company did not explain exactly how the former employees gained access to the files.
Finwise said the data could be related to American First Finance (AFF), a company of financial services providing alternative consumer financing, especially for people with limited or bad credit history.
FINWISE Contracts with Aff to offer installment loans to consumers, “explained the bank.” In this arrangement, Finwise is that the lender and Aff are the technology provider. Finwise comes from the loan and provides funds to the consumer. AFF is contracted to deliver the application platform, facilitate the loan’s origin for Finwise and the service loan on behalf of Finwise. “
The bank suggests that those who have had or applied for a Finwise repayment loan, a lease contract account or a sales agreement for sales agreement are the likely victims of this incident.
After finding out the attack, the bank did what all companies do when facing a similar thing: brought in third -party security experts to assess the damage and analyze the attack, reported law enforcement and other relevant authorities, reached out to affected persons and offered one year of protection of free credit surveillance and identity theft. The name of the seller was not revealed.
Via Bleeping computer
