Revolut
Company Details
Linkedin ID:
revolut
Website:
Employees number:
17,316
Number of followers:
1,235,820
NAICS:
52
Industry Type:
Homepage:
revolut.com
IP Addresses:
0
Company ID:
REV_2683004
Scan Status:
In-progress
Revolut Company CyberSecurity Posture
revolut.com
People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products help our 50+ million customers get more from their money every day. As we continue our lightning-fast growth, 2 things are essential to our success: our people and our culture. In recognition of our outstanding employee experience, we've been certified as a Great Place to Work™. So far, we have 10,000+ people working around the world, from our offices and remotely, to help us achieve our mission. And we're looking for more brilliant people. People who love building great products, redefining success, and turning the complexity of a chaotic world into the simplicity of a beautiful solution.
Revolut A.I CyberSecurity Scoring
Revolut Risk Score (AI oriented)Between 750 and 799
Revolut
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Revolut Global Score (TPRM)XXXX
Revolut
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Revolut Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Revolut
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Revolut experienced a data breach on September 11, 2022, where a third-party accessed the personal information of 50,150 users. This information included names, home and email addresses, and partial payment card information. Although Revolut stated that card details were masked, the breach still represents a significant invasion of privacy for the affected users. The Lithuanian government mentioned that Revolut took swift action to cut off the attacker's access and mitigate the incident. This incident raised concerns about the security measures in place to protect sensitive customer data.
Revolut
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: Revolut suffered from a cyber attack incident that compromised the personal details of more than 50,000 people. An unauthorized third party had access to some of their information as a result, including contact and transactional details, card information, pin numbers, and passwords were not collected. Revolut advised affected customers to be extra cautious as there may be an increased risk of impersonation or fraud.
Revolut Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Revolut
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Revolut in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Revolut in 2025.
Incident Types Revolut vs Financial Services Industry Avg (This Year)
No incidents recorded for Revolut in 2025.
Incident History — Revolut (X = Date, Y = Severity)
Revolut cyber incidents detection timeline including parent company and subsidiaries
Revolut Company Subsidiaries
People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products help our 50+ million customers get more from their money every day. As we continue our lightning-fast growth, 2 things are essential to our success: our people and our culture. In recognition of our outstanding employee experience, we've been certified as a Great Place to Work™. So far, we have 10,000+ people working around the world, from our offices and remotely, to help us achieve our mission. And we're looking for more brilliant people. People who love building great products, redefining success, and turning the complexity of a chaotic world into the simplicity of a beautiful solution.
Loading...
Revolut Similar Companies
The Max Group
Max Group is a $7 billion diversified Indian conglomerate founded by Mr. Analjit Singh with a strong presence across Senior Care, Life Insurance, and Real Estate. Guided by a purpose-driven approach, we aim to create meaningful solutions that improve lives and deliver lasting value. Max India Lim
TIAA
At TIAA, we believe everyone has the right to retire with dignity. For more than 100 years, we’ve provided retirement plans, insurance, and investment services, empowering millions of people— in education, healthcare, and nonprofit —with the knowledge, guidance, and lifetime income needed to plan th
Northwestern Mutual
Northwestern Mutual is here for what’s most important—helping families and businesses experience the freedom of financial security for over 160 years. Through our personalized, holistic approach, including both insurance and investments, we’re helping people make the most of life today, and for days
Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with approximately $1.9 trillion in assets. Wells Fargo’s vision is to satisfy our customers’ financial needs and help them succeed financially. Founded in 1852 and headquartered in San Francisco, Wells Fa
CIMB
CIMB Group is a leading ASEAN universal bank, one of the largest Asian investment banks and one of the world's largest Islamic banks. We are headquartered in Kuala Lumpur, Malaysia and offer consumer banking, commercial banking, wholesale banking, Islamic banking, and asset management products and
Dubai Holding
Dubai Holding is a diversified global investment company that continues to power Dubai’s growth across 10 key sectors, including real estate, hospitality, leisure & entertainment, media, ICT, design, education, retail, manufacturing & logistics and science. Since 2004, we have made strides with an
Charles Schwab
Charles Schwab is a different kind of investment services firm – one that strives to disrupt the status quo of the traditional Wall Street approach on behalf of our clients. We believe today, as we did on Day 1, that when you find ways to improve the investing experience for your clients, then busin
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate l
Edward Jones is a leading North American financial services firm in the U.S. and through its affiliate in Canada. The firm’s more than 20,000 financial advisors throughout North America serve more than 9 million clients with a total of $2.2 trillion in client assets under care as of December 31, 202
.png)
Revolut CyberSecurity News
November 17, 2025 09:09 AM
Revolut expanding capabilities with Booking.com partnership
Fintech Revolut has announced a partnership with Booking.com to integrate its payment technology into the travel planning website's system.
November 06, 2025 01:52 PM
They say you want to Revolut shun...
The Island's Cyber Security Centre is warning people about phone calls from scammers pretending to be from the online bank Revolut.
November 06, 2025 08:00 AM
8 Best Defense Stocks in November 2025
Here's what you need to know about investing in the defense sector and how to pick where your money should go.
October 14, 2025 07:00 AM
Regulatory Caution Delays Revolut’s Full UK Banking Licence
Regulators are holding up Revolut's full UK banking licence amid concerns about whether its risk controls can match rapid global expansion,...
August 08, 2025 07:00 AM
THG, Boohoo, Revolut: This week’s best read stories
Rumours of THG selling more assets after Claremont sale; pressure grows on Boohoo to release full year's results & Revolut to fill 428...
August 05, 2025 07:00 AM
Cybersecurity jobs available right now: August 5, 2025
Here are the worldwide cybersecurity job openings available as of August 5, 2025, including on-site, hybrid, and remote roles.
July 21, 2025 09:57 AM
Funding Your Casino Account with Revolut in 2025
Using Revolut to deposit funds into your casino account is easy and secure. Learn how Revolut's features for online gambling deposits stand out.
July 21, 2025 07:00 AM
Revolut announces more than 400 new roles across Western Europe
The roles are to be filled across Ireland, France, Germany, Italy, Portugal and Spain over the next few years.
July 21, 2025 07:00 AM
Revolut to fill 400 roles amid western European recruitment drive
Revolut is advertising the availability of 400 new roles to be filled across western Europe by the end of 2029.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Revolut CyberSecurity History Information
Official Website of Revolut
The official website of Revolut is https://www.revolut.com.
Revolut’s AI-Generated Cybersecurity Score
According to Rankiteo, Revolut’s AI-generated cybersecurity score is 764, reflecting their Fair security posture.
How many security badges does Revolut’ have ?
According to Rankiteo, Revolut currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Revolut have SOC 2 Type 1 certification ?
According to Rankiteo, Revolut is not certified under SOC 2 Type 1.
Does Revolut have SOC 2 Type 2 certification ?
According to Rankiteo, Revolut does not hold a SOC 2 Type 2 certification.
Does Revolut comply with GDPR ?
According to Rankiteo, Revolut is not listed as GDPR compliant.
Does Revolut have PCI DSS certification ?
According to Rankiteo, Revolut does not currently maintain PCI DSS compliance.
Does Revolut comply with HIPAA ?
According to Rankiteo, Revolut is not compliant with HIPAA regulations.
Does Revolut have ISO 27001 certification ?
According to Rankiteo,Revolut is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Revolut
Revolut operates primarily in the Financial Services industry.
Number of Employees at Revolut
Revolut employs approximately 17,316 people worldwide.
Subsidiaries Owned by Revolut
Revolut presently has no subsidiaries across any sectors.
Revolut’s LinkedIn Followers
Revolut’s official LinkedIn profile has approximately 1,235,820 followers.
NAICS Classification of Revolut
Revolut is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Revolut’s Presence on Crunchbase
Yes, Revolut has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/revolut.
Revolut’s Presence on LinkedIn
Yes, Revolut maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/revolut.
Cybersecurity Incidents Involving Revolut
As of November 27, 2025, Rankiteo reports that Revolut has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Revolut has an estimated 29,518 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Revolut ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
How does Revolut detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with advised affected customers to be extra cautious, and containment measures with cut off the attacker's access..
Incident Details
Can you provide details on each incident ?
Title: Revolut Data Breach
Description: Revolut suffered from a cyber attack incident that compromised the personal details of more than 50,000 people. An unauthorized third party had access to some of their information as a result, including contact and transactional details, card information, pin numbers, and passwords were not collected. Revolut advised affected customers to be extra cautious as there may be an increased risk of impersonation or fraud.
Type: Data Breach
Threat Actor: Unauthorized Third Party
Title: Revolut Data Breach
Description: Revolut experienced a data breach on September 11, 2022, where a third-party accessed the personal information of 50,150 users. This information included names, home and email addresses, and partial payment card information. Although Revolut stated that card details were masked, the breach still represents a significant invasion of privacy for the affected users. The Lithuanian government mentioned that Revolut took swift action to cut off the attacker's access and mitigate the incident. This incident raised concerns about the security measures in place to protect sensitive customer data.
Date Detected: 2022-09-11
Type: Data Breach
Threat Actor: Third-party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach REV101719922
Data Compromised: Contact details, Transactional details, Card information
Identity Theft Risk: High
Payment Information Risk: High
Incident : Data Breach REV422050724
Data Compromised: Names, Home and email addresses, Partial payment card information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Details, Transactional Details, Card Information, , Personal Information and .
Which entities were affected by each incident ?
Incident : Data Breach REV101719922
Entity Name: Revolut
Entity Type: Financial Services
Industry: Fintech
Customers Affected: 50000
Incident : Data Breach REV422050724
Entity Name: Revolut
Entity Type: Financial Services
Industry: Financial Technology
Customers Affected: 50,150
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach REV101719922
Communication Strategy: Advised affected customers to be extra cautious
Incident : Data Breach REV422050724
Containment Measures: cut off the attacker's access
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach REV101719922
Type of Data Compromised: Contact details, Transactional details, Card information
Number of Records Exposed: 50000
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : Data Breach REV422050724
Type of Data Compromised: Personal information
Number of Records Exposed: 50,150
Sensitivity of Data: medium
Personally Identifiable Information: nameshome and email addresses
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by cut off the attacker's access.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Advised affected customers to be extra cautious.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach REV101719922
Customer Advisories: Advised affected customers to be extra cautious
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Advised affected customers to be extra cautious.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unauthorized Third Party and Third-party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-09-11.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were contact details, transactional details, card information, , names, home and email addresses, partial payment card information and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was cut off the attacker's access.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were card information, transactional details, contact details, names, home and email addresses and partial payment card information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 50.6K.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Advised affected customers to be extra cautious.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=revolut' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
