Incident & Breach Response , Security Operations
Evolve Ransomware Hack Affects Affirm and Fintech Companies
Startups and Evolve Client Are Monitoring the Situation for Potential FalloutA ransomware attack against Evolve Bank & Trust triggered a small cascade of secondary breach notifications by current and past clients of the banking-as-a-service company.
See Also: Top Reasons Why Legacy Data Protection Fails and What to do About It
Russian-speaking ransomware-as-a-service operation LockBit attacked the Arkansas company in May after "an employee inadvertently clicked on a malicious internet link," Evolve disclosed.
Evolve said preliminary investigation results show that hackers stole names, Social Security numbers, bank account numbers and contact information for most of its personal banking customers, as well as for customers of its banking-as-a-platform business.
Among the clients affected by the data breach is Affirm, the "buy now, pay later" consumer credit provider. In a regulatory filing, Affirm said it "believes that the personal information of Affirm Card users was compromised as part of Evolve's cybersecurity incident." Affirm shares customer information with Evolve as part of the card issuance process.
The filing says the ransomware incident didn't affect Affirm customers' ability to continue buying things now and paying for them later.
Also caught up in the breach is money transfer service Wise, which said it worked with Evolve from 2020 until 2023. Data shared with the Arkansas company included name, address, contact information and data of birth, as well as Social Security number or similar identifiers for international customers.
"Evolve has not yet confirmed to us what data has been impacted," Wise said.
High-interest, low credit score, non-bank credit card company Mercury Financial, which uses Evolve to issue cards, is telling customers that hackers may have stolen their data. Information at risk includes "some account numbers, deposit balances, business owner names, and emails associated with mercury and other fintech accounts."
Fintech startups and Evolve clients EarnIn, Marqeta and Melio earlier told TechCrunch they are monitoring the incident for potential fallout.
LockBit initially claimed the extortion episode as an attack against the U.S. Federal Reserve - possibly because an affiliate spotted a stolen document that said "United States Federal Reserve" and assumed the victim was the central bank. The Board of Governors of the Federal Reserve System, working with the Arkansas State Bank Department, on June 14 issued a cease and desist order against Evolve Bancorp and Evolve Bank & Trust, citing shortcomings in the bank's "anti-money laundering, risk management and consumer compliance programs" (see: Bogus: LockBit's Claimed Federal Reserve Ransomware Hit).