The ransomware attack on Evolve Bank & Trust has now spread to impact additional financial institutions, including fintech businesses Wise and Affirm. After Evolve disclosed that it had fallen victim to the LockBit cybercriminal group in late May, reports of data privacy compromises at Evolve’s partners have continued to surface.

Affirm, the buy-now-pay-later company, revealed to the US Securities and Exchange Commission (SEC) that personal data of Affirm Card holders may have been stolen during the cyberattack on Evolve. Evolve serves as the third-party issuer of the Affirm Card, leading to Affirm being entangled in the fallout of the breach. Affirm has clarified that its own systems have not been compromised, and they are actively investigating the extent of the impact on their users.

The scale of the security breach is still being determined, and as more Evolve partners come forward with disclosures, the number of affected users continues to grow. Wise, a money transfer specialist that stopped working with Evolve last year, announced that some of its users may have been affected by the breach and will receive direct notifications.

Wise shared that Evolve Bank & Trust experienced a data breach, potentially compromising personal information of Wise customers. While the full extent of the data impact is not yet confirmed, sensitive information such as social security numbers, bank account numbers, and contact details may have been exposed. Investigations are ongoing to assess the potential impact on various arms of Evolve’s operations.

Other partners of Evolve, including Mercury and Melio, are also investigating the breach and working to determine if their customers have been affected. The list of partners affected by the breach can be found on Evolve’s website, with Mercury being one of the few partners to publicly acknowledge the incident and take steps to notify impacted customers.

The timing of the breach is especially unfavorable for Evolve, as the Federal Reserve Board and the Arkansas State Bank Department recently highlighted deficiencies in their anti-money laundering practices, risk management, and consumer compliance programs. These issues had already raised concerns about the safety of Evolve’s partnerships with fintech companies, prompting the board to mandate improvements in these areas.

Overall, the aftermath of the ransomware attack on Evolve Bank & Trust has underscored the importance of robust cybersecurity measures and thorough risk management practices in the financial industry. As investigations continue and affected parties work to mitigate the impact of the breach, the focus remains on safeguarding customer data and restoring trust in the financial ecosystem.

Извор линк