Remittance and fintech company Wise said on Friday that some of its customers’ personal data may have been stolen in a recent data breach at Evolve Bank & Trust.
The news highlights that it is still unknown how the Evolve data breach will impact third-party companies and their customers and users, likely including as yet unknown companies and startups.
In a statement published on its official websiteWise wrote that the company worked with Evolve “to provide U.S. dollar account details” from 2020 to 2023, and given that Evolve was recently breached, “it is possible that some of the personal information of Wise customers was included.”
“We will be directly emailing all Wise customers who we believe may have been affected by this data breach,” the company wrote.
Wise Bank said it shared personal information of its U.S. customers with Evolve, including names, addresses, dates of birth, contact details, and Social Security or employer identification numbers. For customers outside the U.S., Wise Bank also shared “alternative identification numbers.”
It’s unclear at this time how many Wise customers were affected, but the company says it is still “actively investigating.”
Wise did not respond to a request for comment to clarify how many customers’ data was stolen.
When reached for comment by TechCrunch, Evolve asked whether it knew how many partners (both existing and current) and end users were affected by the breach and whether the company had already contacted all of them. Evolve spokesperson Eric Helvie declined to comment. Official statement on the company’s website.
At the time of writing, Evolve said in a statement that it was “continuing to work around the clock to respond to the recent cybersecurity incident” and would provide further updates. The company said the breach was caused by an employee clicking on a malicious link in May of this year, resulting in a ransomware attack perpetrated by the LockBit cybercrime group.
“While we have no evidence that the criminals accessed customer funds, they appear to have accessed and downloaded customer information from our databases and file shares between February and May,” the statement read. “The attackers also encrypted data within our environment; however, we had backups in place and data loss and impact to our operations was limited.”
The company also promised to directly notify “each individual whose personal information was affected.”
So far, Affirm, Earnin, Marketa, Melio and Mercury (all Evolve partners) have confirmed they are investigating how the Evolve breach affected their customers. Share with X This is the notice sent to customers by Branch, another Evolve partner, which has not yet responded to repeated requests for comment from TechCrunch.
