I saw this article this morning and braught it up as part of looking around before TSB this morning.
There”s a lot I can tackle including the fact that we are learning about this over 1 year after the fact. And, as I suspected, it was an insider threat.
The first set of paragraphs of this article say:
The 2024 FinWise data breach serves as a stark example of the growing insider threats faced by modern financial institutions. Unlike typical cyberattacks originating from external hackers, this incident stemmed from unauthorized access by a former employee using retained credentials.
Here’s the cicker from the second paragraph.
It says:
On May 31, 2024, the ex-employee accessed FinWise Bank’s systems after leaving the company and leaked sensitive personal information belonging to 689,000 customers of American First Finance (AFF). Even more alarming, this unauthorized access went undetected for more than a year before being discovered by the bank on June 18, 2025.
If the bank in question had honeypots that detected this, than it would’ve never been an issue to begin with.
I remember an advertiser on TWIT who sold these devices that allowed one to know if other devices were connected and/or if something suspicious was going on. While the price of these devices were quite high at the time, I could understand how valuable they can be.
I could sit here and go through the article and pick it apart, but i think that reading FinWise data breach shows why encryption is your last defense and you can comment on this by submitting a comment.
Let’s see how this goes.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.