Fintech

Fintech firm Wise says some customers were affected by Evolve Bank data breach

Published

12 months ago

on

Money transfer and fintech company Wise announced on Friday that some of its customers’ personal data may have been stolen the recent data breach at Evolve Bank and Trust.

The news highlights that the full implications of the Evolve data breach for third-party companies, as well as their customers and users, are still unclear, and are likely to affect as-yet unknown companies and startups.

In a statement published on its official websiteWise wrote that the company worked with Evolve from 2020 to 2023 “to provide USD account details.” And since Evolve recently suffered a breach, “personal information of some Wise customers may have been affected.”

“We will be emailing all Wise customers who we believe may have been directly impacted by this data breach,” the company wrote.

Wise said it shared personal data of U.S. customers with Evolve, information that included names, addresses, dates of birth, contact details, and Social Security numbers or Employer Identification Numbers. For non-U.S. customers, Wise also shared “another government-issued identification number.”

At this point, it’s unclear how many Wise customers were affected, as the company wrote that it is still “actively investigating.”

Contact us

Do you have more information on the Evolve breach and how it is impacting other companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or e-mail. You can also contact TechCrunch via SafeDrop.

Wise did not respond to a request for comment seeking clarity on how many of its customers have been subject to data theft.

When reached for comment by TechCrunch, asking whether Evolve knows how many partner companies – both current and former – and end users were affected by the breach and whether Evolve has already contacted all of them, Evolve spokesperson Eric Helvie declined to comment and referred the company’s official statement on its website.

As of this writing, the statement said Evolve “continues to work around the clock to respond to the recent cybersecurity incident” and promised to provide further updates. The company said the breach was a ransomware attack by the LockBit cybercriminal group, resulting from an employee clicking on a malicious link in May of this year.

“There is no evidence that the attackers accessed customer funds, but it appears that they accessed and downloaded customer information from our databases and a file share during the February and May periods,” the statement reads. “The threat actor also encrypted some data in our environment. However, we have backups and have seen limited data loss and limited impact to our operations.”

The company also promises to directly inform “any individual whose personal information has been affected.”

So far Affirm, EarnIn, Marqeta, Melio and Mercury, all partners of Evolve, they recognized who are investigating how the Evolve breach impacted their customers. On Monday, fintech reporter Jason Mikula shared on X a notification that Branch, another Evolve partner, had sent to a customer. Branch has yet to respond to repeated requests for comment from TechCrunch.

Source

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version