FinWise Bank has suffered an insider data breach involving a former employee accessing sensitive corporate customer details. The data breach originated from FinWise and affected American First Finance (AFF). FinWise contracts AFF to offer installment loans to consumers, who usually have limited or poor credit history.
In this arrangement, AFF is the technology provider that handles the loan application process, account setup, repayment, and customer support, while FinWise originates the loans and provides the funds.
“Please note that you may have had, or applied for, a FinWise installment loan, a lease-to-own account, or a retail installment sales agreement account with AFF, which was impacted by this security incident,” FinWise told impacted customers.
However, FinWise and AFF did not say how the former employee accessed the sensitive information and whether the action was malicious or accidental. Disgruntled employees sometimes exploit their access to copy sensitive data for revenge or financial gain.
FinWise insider data breach affects 689,000 America First Finance customers
According to a cyber incident notification that AFF filed with the Office of the Maine Attorney General on behalf of FinWise, the insider data breach affected 689,000 of its customers. It exposed customers’ full names and other undisclosed personally identifiable details, potentially including Social Security Numbers. The filing states that the data breach occurred on May 31, 2024, and was discovered on June 18, 2025.
Upon learning of the insider data breach, FinWise launched an investigation with third-party cyber forensics to determine the scope of the incident. The bank also took additional measures to strengthen its internal controls to prevent unauthorized access in the future.
Additionally, impacted customers will also receive 12 months of complimentary credit monitoring and identity theft protection services. FinWise also advised victims to remain vigilant and monitor their financial statements, accounts, and credit reports for suspicious activity.
Meanwhile, three affected customers have filed different class action lawsuits against FinWise in relation to the insider data breach. While the company believes that the cyber incident will not have any material impact, it anticipates more lawsuits related to the insider data breach.
Nevertheless, the financial services company vowed to defend itself against the confirmed and anticipated lawsuits.
Similar insider data breaches
The FinWise insider data breach occurred hot on the heels of a similar incident affecting Coinbase, after its overseas customer support staff were bribed to leak the personal information of roughly 70,000 customers.
HR SaaS giant Rippling also suffered an insider data breach after a former payroll compliance manager allegedly leaked company secrets to its business rival, Deel, for financial gain.
According to the 2025 Ponemon Cost of Insider Risks Report, the cost of insider risks increased from $16.2 million in 2023 to $17.4 million in 2024. However, the duration of containment reduced from 86 to 81 days during the same period. Ponemon’s 2023 report had also found that the financial services sector had the highest average cost of insider threats.
“Insider threats have become the biggest challenge for cybersecurity teams, with this breach further exemplifying the dangers that come with them,” warned Kevin Kirkwood, CISO at Exabeam. “Organizations must do a better job of prioritizing and segmenting access to sensitive information to prevent one person from being able to access any and all information.”
Exabeam research also warned that 90% of organizations lack the resources to detect and mitigate insider threats. For instance, the FinWise insider breach took over a year to detect and respond.
Subsequently, Exabeam called for organizations to reinforce their defense platforms with solutions that can keep pace with modern threat actors. It also recommended educating their employees on the dangers of insider threats and how to reduce unnecessary or unauthorized access.
