The recent data breach at Evolve Bank & Trust has significantly impacted customers of several fintech companies, including Wise and Affirm. The ransomware gang LockBit was responsible for this incident, which has caused serious worries about the security of consumer data at several financial technology companies.
Notably, data from Evolve Bank & Trust in Arkansas was discovered to be the source of the data that the well-known ransomware gang LockBit had first claimed to have stolen from the US Federal Reserve. Evolve promptly verified that hackers had obtained private client data and information from partners in financial technology.
Wise, a company well-known for providing international money transfer services, revealed that certain customer data has been hacked. In order to provide USD account details, Wise collaborated with Evolve from 2020 to 2023. This involved exchanging personal data, including names, addresses, dates of birth, phone numbers, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for customers in the United States, and other identity document numbers for customers in other countries. Despite Wise's termination of its partnership with Evolve, the bank kept a portion of this data, which was compromised. Customers are reassured by Wise that its systems are safe and unaffected by the incident, and the company is aggressively contacting people whose data may have been compromised.
The buy-now-pay-later company Affirm also confirmed that some of its clients were affected by the data hack. Affirm disclosed in an SEC filing that data sharing required for card issuance and maintenance resulted in the compromise of consumers' personal information. But Affirm has stated that there was no security incident and that customers can keep using their Affirm Cards as usual.
Evolve Bank has acknowledged that the LockBit group was accountable for the compromise in a transparent manner. An employee's click on a malicious link caused the breach, which gave hackers access to and the ability to steal customer data from the bank's databases and file shares between the months of February and May. Evolve has backups in place, which reduced data loss and operational impact even though the hackers also used ransomware that encrypts files. According to Evolve, there is no proof that the thieves were able to access client funds. Nonetheless, it's possible that private data including names, SSNs, bank account numbers, and contact information was stolen. The bank has promised to personally notify everyone who is impacted, and it is working nonstop to resolve the cybersecurity issue.
The consequences of the Evolve Bank hack go beyond Affirm and Wise. EarnIn, Marqeta, Melio, Mercury, and Branch are among the other fintech partners looking into the effect on their clientele. It is unclear how many consumers and third-party businesses were impacted in total, underscoring the widespread risk that these cybersecurity events offer in the interconnected finance sector.
The way in which Evolve handled the attack and the openness exhibited by impacted organizations, such as Wise and Affirm, highlight the significance of strong cybersecurity protocols and prompt communication in preserving client confidence during times of crisis. Affected customers are advised to stay alert and heed their financial service providers' advice in order to reduce potential risks while investigations are ongoing.