Incident & Breach Response , Security Operations

Evolve Ransomware Hack Affects Affirm and Fintech Companies

Startups and Evolve Client Are Monitoring the Situation for Potential Fallout
Evolve Ransomware Hack Affects Affirm and Fintech Companies
A ransomware attack didn't stop Affirm customers from buying now and paying later. (Image: Shutterstock)

A ransomware attack against Evolve Bank & Trust triggered a small cascade of secondary breach notifications by current and past clients of the banking-as-a-service company.

See Also: Top Reasons Why Legacy Data Protection Fails and What to do About It

Russian-speaking ransomware-as-a-service operation LockBit attacked the Arkansas company in May after "an employee inadvertently clicked on a malicious internet link," Evolve disclosed.

Evolve said preliminary investigation results show that hackers stole names, Social Security numbers, bank account numbers and contact information for most of its personal banking customers, as well as for customers of its banking-as-a-platform business.

Among the clients affected by the data breach is Affirm, the "buy now, pay later" consumer credit provider. In a regulatory filing, Affirm said it "believes that the personal information of Affirm Card users was compromised as part of Evolve's cybersecurity incident." Affirm shares customer information with Evolve as part of the card issuance process.

The filing says the ransomware incident didn't affect Affirm customers' ability to continue buying things now and paying for them later.

Also caught up in the breach is money transfer service Wise, which said it worked with Evolve from 2020 until 2023. Data shared with the Arkansas company included name, address, contact information and data of birth, as well as Social Security number or similar identifiers for international customers.

"Evolve has not yet confirmed to us what data has been impacted," Wise said.

High-interest, low credit score, non-bank credit card company Mercury Financial, which uses Evolve to issue cards, is telling customers that hackers may have stolen their data. Information at risk includes "some account numbers, deposit balances, business owner names, and emails associated with mercury and other fintech accounts."

Fintech startups and Evolve clients EarnIn, Marqeta and Melio earlier told TechCrunch they are monitoring the incident for potential fallout.

LockBit initially claimed the extortion episode as an attack against the U.S. Federal Reserve - possibly because an affiliate spotted a stolen document that said "United States Federal Reserve" and assumed the victim was the central bank. The Board of Governors of the Federal Reserve System, working with the Arkansas State Bank Department, on June 14 issued a cease and desist order against Evolve Bancorp and Evolve Bank & Trust, citing shortcomings in the bank's "anti-money laundering, risk management and consumer compliance programs" (see: Bogus: LockBit's Claimed Federal Reserve Ransomware Hit).


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.