Money transfer and fintech company Wise announced Friday that some of its customers' personal information may have been stolen in the recent data breach at Evolve Bank and Trust.
The news shows that the consequences of the Evolve data breach for external companies (and their customers and users) are still unclear. It is likely that these are companies and startups that are still unknown.
In a statement published on the official websiteWise wrote that the company worked with Evolve from 2020 to 2023 “to provide USD account information.” And since Evolve recently suffered a breach, “personal data of some Wise customers may have been involved.”
“We will be directly emailing all Wise customers who we believe may have been affected by this data breach,” the company wrote.
Wise said it shared U.S. customers' personal information with Evolve, information that included names, addresses, dates of birth, contact information and Social Security numbers or employer identification numbers. For non-U.S. customers, Wise also shared “another identity document number.”
At this time, it is unclear how many Wise customers have been affected, as the company wrote that it is still “actively investigating.”
Wise did not respond to a request for comment asking to clarify how many of its customers had their data stolen.
When reached for comment by JS, asking whether Evolve knows how many partner companies — past and present — and end users have been affected by the breach, and whether Evolve has contacted them all, Evolve spokesperson Eric Helvie declined to comment, citing the company's official statement on its website.
At the time of writing, the statement said that Evolve “continues to work around the clock to respond to the recent cybersecurity incident” and promised to provide further updates. The company said the breach was a ransomware attack by cybercrime gang LockBit, after an employee clicked on a malicious link in May this year.
“There is no evidence that the threat actors accessed customer funds, but it appears that they downloaded customer information from our databases and shared files during the February and May periods,” the statement said. “The threat actor also encrypted some data within our environment. However, we have backups available and have experienced limited data loss and limited impact to our operations.”
The company also promises to directly notify “any individual whose personal data has been compromised.”
So far, Affirm, EarnIn, Marqeta, Melio, and Mercury — all Evolve partners — have acknowledged that they are investigating how the Evolve breach affected their customers. On Monday, fintech reporter Jason Mikula said shared on X a notification that Branch, another Evolve partner, sent to a customer. Branch has not yet responded to repeated requests for comment from JS.
