Wilson's Media

A Tech & Gaming Blog

Former FinWise employee may have stolen sensitive data on 689,000 American First Finance customers

  • A former FinWise employee accessed sensitive data on 689,000 people more than a year after leaving the company
  • Victims likely include those with FinWise loans or accounts serviced by American First Finance, its technology partner
  • FinWise hired security experts, notified authorities, and offered credit monitoring

FinWise Bank, a Utah-based community bank, recently suffered an insider data breach when a former employee accessed sensitive customer data after their employment had ended.

In a new report filed with the Office of the Maine Attorney General, FinWise said that the breach happened on May 31, 2024, but was discovered more than a year later, on June 18, 2025. In total, sensitive data on 689,000 people was compromised.

While the filing does not detail the nature of the stolen files, a data breach notification letter, sent to affected individuals, mentions “full names” and other “data elements”.

Tricking GPT with a “mock-up” request

The company did not explain exactly how the ex-employee accessed the files.

FinWise did say that the data could be related to American First Finance (AFF), a financial services company that provides alternative consumer financing, especially for people with limited, or poor credit history.

FinWise contracts with AFF to offer installment loans to consumers,” the bank explained. “In this arrangement, FinWise is the lender and AFF is the technology provider. FinWise originates the loan and provides funds to the consumer. AFF is contracted to provide the application platform, facilitate the loan origination for FinWise, as well as service the loan on behalf of FinWise.”

The bank hints that those who have had, or applied for, a FinWise installment loan, a lease-to-own account, or a retail installment sales agreement account, are the likely victims of this incident.

After finding out about the attack, the bank did what all companies do when faced with a similar thing: brought in third-party security experts to assess the damage and analyze the attack, notified law-enforcement and other relevant authorities, reached out to affected individuals, and offered one year of free credit monitoring and identity theft protection. The name of the vendor was not disclosed.

Via BleepingComputer

You might also like


Source

A former FinWise employee accessed sensitive data on 689,000 people more than a year after leaving the company Victims likely include those with FinWise loans or accounts serviced by American First Finance, its technology partner FinWise hired security experts, notified authorities, and offered credit monitoring FinWise Bank, a Utah-based community…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives