Evolve Bank and Trust, a prominent financial institution favoured by fintech startups, disclosed on Wednesday that it was victim to a cyberattack and data breach that may have impacted its affiliated companies. According to the company's statement, the incident involved the personal information and data of some Evolve retail bank customers.
The cybercriminals linked to the breach are believed to be the infamous ransomware gang LockBit, which purportedly shared data stolen from Evolve on its dark web leak site. Evolve's website lists several companies as partners that rely on the bank to provide various financial and lending services.
The spokesperson of one of the partner companies Affirm, posted on X that the company is investigating the incident and will directly communicate with affected consumers as more information becomes available. Affirm also notified its customers about the breach and assured them that it is safe to use their card and Money Accounts while the investigation continues.
As an Affirm Card user, we wanted to alert you of a recent cybersecurity incident at Evolve Bank and Trust, an issuing partner on the Affirm Card (not an originating bank partner for Affirm loans). pic.twitter.com/3EritQ3bSN
- Affirm (@Affirm) June 27, 2024Other partner companies also spoke up. EarnIn's spokesperson, Stephanie Borman, mentioned that the company is closely monitoring the situation. Marqeta's spokesperson, Kelly Kraft, acknowledged the breach and highlighted that Evolve supports a portion of their business. Melio's co-founder and CEO, Matan Bar, confirmed awareness of the breach and assured customers that operations remain unaffected. Finally, Mercury, another partner of Evolve, disclosed that the breach impacted company records including account numbers, deposit balances, business owner names, and emails.
We are aware of a cybersecurity attack that breached the security systems of one of our partner banks, Evolve Bank & Trust, which leaked their records, including some account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech...
- Mercury (@mercury) June 26, 2024As more affected companies step forward, the full extent of the breach's impact on Evolve's customers and partners will likely become clearer. Evolve has recently made headlines for issues related to its fintech collaborations, with the Federal Reserve ordering the bank to enhance its risk management programs concerning fintech partnerships and anti-money laundering laws.