Impact Of Evolve Bank Ransomware Attack Hits Fintech Industry

July 31, 2024

Ransom Attack On Fintech Company Yields Employee Information

As reported by Nate Nelson in DarkReading, the Evolve Bank ransomware attack has turned into a significant issue for several companies associated with the Memphis-based bank. Two of these companies have already mentioned potential negative impacts on customer data.

According to Evolve, one of its employees was phished in late May. The attackers encrypted some data and downloaded customer information from databases and a file share. The attack had little impact on company operations because of backups.

The attacker, LockBit, was removed from Evolve’s systems in short order, but after the company refused to pay the ransom, the group leaked the data it had stolen.

Evolve offers business-to-business (B2B), banking-as-a-service, and payments processing technologies to other fintech companies, so the hack has affected more than its own banking customers.

London-based Wise partnered with Evolve from 2020 to 2023 to “provide USD account details” to its customers, according to a statement. In order to enable those services, Wise shared its customers’ names, addresses, dates of birth, contact details, and ID numbers, including employer identification numbers and Social Security numbers. Wise says that information “may have been involved” in Evolve’s breach.

Affirm, a buy now, pay later company, might be in the same boat as Wise. It uses Evolve to issue and service its Affirm Cards. Those cards were apparently not compromised, but the personal information Affirm shared with Evolve may have been.

“The full scope, nature, and impact of the incident on the Company and Affirm Card users, including the extent to which there has been unauthorized access to Affirm Card user Personal Information, are not yet known,” said the company, in an 8-K filing with the SEC.

Stripe and Shopify are among Evolve’s other partners in fintech, all of which are investigating whether their customers’ data was affected.

Sign up for our weekly newsletters specifically curated to different practice areas: litigation, cybersecurity & data privacy, legal ops, and compliance.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top