Money transfer and fintech company Wise announced on Friday that some of its customers’ personal data may have been stolen in a recent data breach at Evolve Bank and Trust.
The news highlights that the ramifications of the Evolve data breach for third-party companies – and their customers and users – are still unclear, and likely involve as-yet-unknown companies and startups.
In a statement published on its official websiteThe company worked with Evolve from 2020 through 2023 “to provide account details in US dollars,” Wise wrote. And given the recent Evolve hack, “the personal information of some Wise customers may have been involved.”
“We will be sending emails to all Wise customers who we believe may have been directly affected by this data breach,” the company wrote.
Wise said it shared personal data of U.S. customers with Evolve, which included names, addresses, dates of birth, contact details, and Social Security or employer identification numbers. For non-U.S. customers, Wise also shared “another identity document number.”
At this point, it’s not clear how many Wise customers are affected, as the company wrote that it is still “actively investigating.”
call us
Do you have more information about the Evolve hack, and how it affects other companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Wise did not respond to a request for comment to clarify the number of its customers whose data was stolen.
When TechCrunch reached out to him for comment, asking whether Evolve knew how many partner companies — both current and former — and end users were affected by the breach, and whether Evolve had already contacted all of them, Evolve spokesman Eric Helvey declined to comment, noting that The company’s official statement on its website.
As of this writing, the statement said Evolve “continues to work around the clock to respond to the recent cybersecurity incident” and promised to provide further updates. The company said the breach was a ransomware attack by cybercrime gang LockBit, due to an employee clicking on a malicious link in May this year.
“There is no evidence that the criminals accessed any customer funds, but it appears they accessed and downloaded customer information from our databases and file sharing during the February and May periods,” the statement read. “The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact to our operations.
The Company also undertakes to notify “every individual whose personal information has been affected” directly.
So far, Affirm, EarnIn, Marqeta, Melio, and Mercury — all Evolve partners — have acknowledged that they are investigating how the Evolve breach affected their customers. On Monday, fintech reporter Jason Mikula Shared on X A notification sent to the customer by Branch, another Evolve partner. Branch has not yet responded to repeated requests for comment from TechCrunch.