Varo Bank (Varo) has sent data breach notices to an unspecified number of customers whose accounts were accessed by unauthorized parties using valid credentials, a technique known as “credential stuffing.”
Varo Bank is an all-digital bank that has made a name for itself by focusing on technology-driven banking solutions and appealing to consumers who prefer managing their finances via mobile apps. Its emphasis on low fees, high-interest savings options, and budgeting tools has attracted a customer base, particularly among tech-savvy and younger demographics.
The Varo Bank app is available on the Apple App Store and the Google Play store, where it has over 5 million downloads.
On March 12, 2024, Varo Bank observed suspicious activity targeting a specific subset of customer accounts. Upon discovery, the bank quickly acted to block the suspicious activity and initiated a thorough investigation. The investigation concluded that an unauthorized party had used stolen customer credentials to access Varo accounts.
“Varo believes that your credentials were used by an unauthorized third party to log in to your Varo account.”
Varo
Varo completed its investigation on or about March 27, 2024, identifying the data types that were potentially accessible to the unauthorized party. However, it took the firm until May 7, 2024, to begin circulating notifications to impacted users.
The data breach potentially exposed sensitive customer information, including:
- Names
- Addresses
- Email addresses
- Phone numbers
- Bank account numbers
- Last four digits of Social Security numbers
The exposure of the above data raises risks such as identity theft, financial fraud, and phishing attacks. The exposure of home addresses and phone numbers could also lead to unwanted contact, harassment, and psychological stress.
Varo Bank says it responded promptly to the breach by securing affected accounts and reviewing its customer portal to ascertain the scope of the data exposure. The firm also offers affected customers free credit monitoring services through TransUnion's myTrueIdentity for 12 months.
Customers are advised to stay vigilant by monitoring their account statements and credit reports for any suspicious activity. Varo also recommends that customers regularly review and update their security settings and passwords.
LLOYD HOUZE
AGREE 100%
Nikki Rawlings
I received a text stating my Varo account has received an unidentified deposit & to confirm or return. Strange thing is, I never heard of this bank let alone opened an account. Digital banking is the new disaster, robbery, hard to get a hold of a human being to speak with anymore let alone customer service.
Holly lysaght
My account is not accessible. Number has been changed. Email has changed. I had 1200 in there.
Ramonia McCall
I believe my data has been breached at Varo Bank. The IRS deposited $650 into my account on July 2nd, yet I have not received it and I am getting no answers from representatives at this bank. I need to know where my money is and how I can get it back.
Lori Descamps
Is Varo Bank currently running a contest and advising customers they have won $1000.00?
This text said that I did but wants my phone number and e-mail. Varo Bank has both. Is this a scam? Text sent to me 9-24-24