On Friday, the digital payment and financial technology enterprise Wise disclosed that a subset of customer personal details might have been compromised due to a recent security breach at Evolve Bank and Trust.
This incident underlines the ongoing uncertainty regarding the extent of the repercussions stemming from the security lapse at Evolve on affiliated companies—as well as their clientele and user base—with the potential inclusion of yet unidentified firms and startups.
Via a formal announcement on its website, Wise revealed its collaboration with Evolve from 2020 to 2023 for the provision of USD account details. Following the breach at Evolve, it has come to light that certain personal information of Wise customers might have been implicated.
Wise has committed to notifying all its customers who might be impacted by this breach directly via email.
The information shared with Evolve included U.S. customers’ names, addresses, dates of birth, contact information, and Social Security numbers or Employer Identification Numbers. For customers outside the U.S., Wise also transmitted details of an additional identity document.
The exact number of Wise customers affected remains uncertain as the company continues its detailed inquiry into the situation.
Contact Us
If you have further insights on the Evolve incident and its impact on various companies, please reach out to Lorenzo Franceschi-Bicchierai securely through Signal at +1 917 257 1382, or through Telegram, Keybase, and Wire @lorenzofb, or email. TechCrunch can also be contacted via SecureDrop.
A spokesperson for Wise told TechCrunch that the investigation is ongoing and that they are directly contacting potentially affected customers.
“Wise’s infrastructure was uncompromised, and our users can securely access their accounts,” affirmed the spokesperson via email.
When inquired by TechCrunch for inputs, seeking to understand if Evolve had identified the number of partner entities and users impacted and whether these parties had been notified, Eric Helvie, a spokesperson for Evolve, opted not to comment but referred to the official statement available on their website.
Per the statement, Evolve is relentlessly working to manage the repercussions of the cybersecurity incident, with a commitment to keeping stakeholders informed. The breach, identified as a ransomware attack by the LockBit cybercrime group triggered by a malicious link clicked by an employee in May, led to unauthorized access and downloading of customer information. Despite data encryption by the culprits, Evolve had backups that minimized data loss and operational disruptions.
Evolve also assured to personally notify every individual whose personal data was compromised.
To date, Evolve partners like Affirm, EarnIn, Marqeta, Melio, and Mercury have confirmed they are examining the impact of Evolve’s breach on their customers. Fintech journalist Jason Mikula posted on X about a notice Branch, another partner, issued to a customer. Branch’s response to TechCrunch’s repeated inquiries remains pending.
The narrative has been updated to incorporate the comment from Wise’s spokesperson.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
