Connect with us

Hi, what are you looking for?


Data Breaches

Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit

Fintech companies Wise and Affirm are impacted by the data breach at Evolve Bank, which has shared additional details on the recent ransomware attack.

Evolve bank data breach

Fintech companies Wise and Affirm have revealed that the recent data breach suffered by Evolve Bank impacts some of their customers.

The notorious ransomware group LockBit recently threatened to leak data allegedly stolen from the US Federal Reserve. The cybercriminals did leak data on June 26, but it turned out that the files actually originated from an Arkansas-based financial organization, Evolve Bank & Trust.

The bank almost immediately confirmed that the hackers apparently gained access to customer and financial technology partner information. 

Wise, a fintech firm whose services are widely used for international money transfers, revealed late last week that the Evolve data breach impacts some of its customers. Wise had worked with Evolve to provide USD account details between 2020 and 2023. While the companies no longer work together, it seems Evolve was still storing some data provided by Wise. 

“For Evolve Bank & Trust to provide USD account details to Wise customers, they were required to hold identifying information. The information that we shared with Evolve Bank & Trust to provide USD account details included name, address, date of birth, contact details, SSN or EIN for US customers, or another identity document number for non-US customers,” Wise explained. “Evolve has not yet confirmed to us what data has been impacted.”

Wise highlighted that its systems are not impacted by the data breach. Customers whose data may have been compromised will be directly contacted by the company. 

Buy-now-pay-later services provider Affirm has revealed in an SEC filing that some of its customers were also impacted. 

“Because [Affirm] shares the personal information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, [Affirm] believes that the personal information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident,” Affirm said. “However, the company’s information systems were not compromised, nor was the ability for Affirm Card holders to continue using their Affirm Card.” 

Advertisement. Scroll to continue reading.

Evolve on Monday shared additional information on the security incident. The company has confirmed that the LockBit ransomware group was behind the attack, and its investigation revealed that the cybercriminals gained access to its systems after an employee clicked on a malicious link.

In addition to stealing data, the hackers deployed file-encrypting ransomware on Evolve systems, but the bank said it had backups in place and claimed that data loss and impact on its operations were limited. 

“There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May,” Evolve said.

It added, “We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank.”

At this stage in the investigation, it appears that the cybercriminals obtained information such as names, Social Security numbers, bank account numbers, and contact information belonging to most of Evolve’s personal banking customers, as well as customers of its Open Banking partners. The company has also learned that personal information belonging to its employees was likely also compromised. 

Related: Bank of America Customer Data Stolen in Data Breach

Related: iOS Trojan Collects Face and Other Data for Bank Account Hacking 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights