Evolve Bank Cyberattack Affects Affirm Card Users and Customers of Fintech Company Wise

• American Evolve Bank was the target of a ransomware attack that saw a huge trove of data for sale on a hacker forum.
• The security incident sent ripples to third parties, impacting a fintech company’s customer database.
• Affirm Holdings card company also shared client personal details with Evolve Bank, which may have been exposed. 

The money transfer and fintech company Wise announced on Friday that some of its customers’ personal data might have been stolen in the recent Evolve Bank and Trust data breach. Also, U.S. financial technology firm Affirm Holdings said on Monday this cybersecurity incident could have impacted the personal information of Affirm card users. 

Last week, the recently disrupted ransomware group LockBit claimed to have 33 TB of data from an alleged U.S. Federal Reserve breach that proved to really belong to the Evolve Bank & Trust financial organization. The breach reportedly occurred due to an employee clicking on a malicious link in May. 

Wise said they collaborated with Evolve from 2020 until 2023 “to provide USD account details,” and some of the fintech company’s customers may have been impacted directly, as personal data like names, addresses, date of birth, contact details, and Social Security numbers or Employer Identification Number of U.S. Wise clients were shared with the bank, as well as identity document numbers of non-U.S. customers.

Wise did not disclose the number of affected customers, but an investigation is ongoing, and impacted individuals have been notified. They also say the company’s systems were not compromised.

Since Evolve Bank is a third-party issuer of Affirm cards, the financial technology company started its own investigation, saying the client information it shared with the breached bank may have been exposed. However, the firm confirmed that the company's systems were not impacted by this security incident.

In early May, law enforcement sanctioned and charged Dmitry Yuryevich Khoroshev with being the leader of the infamous LockBit ransomware group, aka LockBitSupp. Khoroshev has had his assets frozen, and authorities offer a reward of up to $10 million for information that would lead to his arrest.

A hacker connected to Conti and LockBit was arrested this month in Ukraine, as the cryptor specialist from Kyiv had been cooperating with Russian ransomware groups and helping the cybercriminal gang evade detection.

LockBit Ransomware-as-a-Service (RaaS) affiliate-based variant operated since January 2020, and law enforcement shut down LockBit's infrastructure in February 2024 through Operation Cronos. Authorities seized several servers and offered approximately 7,000 LockBit keys to U.S. and international victims.