On Wednesday, Evolve Bank and Trust, a financial institution popular with fintech startups, announced that it was the victim of a cyberattack and data breach that could have affected its partner companies as well.
the incident, According to the company’s statementincluded “personal data and information of some of Evolve’s retail bank customers and customers of its fintech partners.”
When contacted by TechCrunch, Evolve’s head of communications, Thomas Holmes, said the incident involved a “known cybercriminal organization.”
“It appears that these bad actors have posted illegally obtained data on the dark web,” Holmes said, declining to comment further.
The cybercriminals responsible for the breach appear to be the infamous ransomware gang LockBit, which posted data allegedly stolen from Evolve on its dark web leak site.
Lists evolve A series of companies On its position as partners, they rely on the banking giant to provide some of their financial and lending services. To understand the impact of the Evolve breach on these companies, TechCrunch reached out to Affirm, Airwallex, Alloy, Bond, Branch, Dave, EarnIn, Marqeta, Mastercard, Melio, Mercury, PricePool, Step, Stripe, TabaPay, and Visa.
Only Affirm, EarnIn, Marqeta and Melio responded to requests for comment.
call us
Do you have more information about the Evolve hack and how it impacts our partner companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Affirm spokesman Matt Gross told TechCrunch that the company is investigating the incident and “will reach out directly to any affected consumers as we learn more.”
He also stressed She alerted her customers in a post on Xand wrote that the Evolve breach “may have resulted in some personal data and information being compromised” for Affirm customers. The company also said it was safe to use its cards and financial accounts, and that its investigation into the impact of the breach was ongoing.
EarnIn spokeswoman Stephanie Borman said the company is “aware of this incident and is closely monitoring it.”
Marqeta spokeswoman Kelly Kraft told TechCrunch that the company is aware of the hack, and that “Evolve supports a small portion of our overall business.”
“Our affected customers have been notified of this incident, and we are working closely with Evolve to understand their remediation efforts and how our mutual customers may be affected,” Kraft said in an email.
Matan Bar, co-founder and CEO of Melio, told TechCrunch that the company is aware of the breach and is “working diligently with them to determine if Melio or any of our customers have been affected by it.” We will keep our customers updated with any relevant information as we learn more. There were no disruptions to Milio’s operations as a result of this incident.
Another partner of Evolve, fintech startup Mercury, He said on X The Evolve breach affected records associated with the company, “including certain account numbers, deposit balances, business owner names, and emails.”
As more affected companies come forward, the true impact of the Evolve hack on “certain Evolve retail bank customers and fintech partner customers” – in the company’s words – will likely become clearer.
Evolve has been in the news recently for other matters related to its fintech partnerships. On June 14, the Federal Reserve ordered Evolve Bank to “strengthen its risk management programs around fintech partnerships as well as anti-money laundering laws.”
according to Statement from the Federal ReserveThe 2023 audit found that Evolve “engaged in unsafe and unsound banking practices by failing to put in place an effective risk management framework for those partnerships” with fintech companies.
The bank was also linked to the collapse of banking-as-a-service startup Synapse, which provided a service that allowed others – mainly fintech companies – to embed banking into their offerings. When Synapse filed for bankruptcy this year and an attempt to rescue TabaPay’s acquisition of its assets failed, the company blamed its partner bank, Evolve — a saga that continues.
This story has been updated to include comments from Marquita and Milio.