Wise, a company specialising in money transfers and financial technology, revealed on Friday that the recent data breach at Evolve Bank and Trust may have compromised a number of its clients’ personal information.
The recent report emphasises the fact that the consequences of the data breach at Evolve on third-party organisations, as well as their customers and users, are still unknown. Unidentified firms and startups are likely to face these consequences.
Wise wrote “to provide USD account details” in a statement that was published on its official website. The firm collaborated with Evolve from 2020 to 2023, according to the statement. In addition, considering that Evolve was recently the victim of a security incident, “the personal information of some Wise customers may have been involved.” 
According to the organisation’s information, “We will be sending an email to all Wise customers who we believe may have been directly affected by this data breach.”
In a statement, Wise disclosed that it had provided Evolve with personal information pertaining to its clients in the United States. This information included names, residences, dates of birth, contact information, and either Social Security numbers or employer identification numbers. Wise also provided “another identity document number” to consumers who were not from the United States.
The firm’s “active investigation” statement leaves us uncertain about the number of Wise customers affected by this issue.
A spokeswoman for Wise informed Eltrys that the firm is continuing its investigation and “contacting customers who may have been affected by this breach directly.”
According to the statement that was sent out via email by the representative, “Wise’s systems were not compromised, and our customers are able to access their accounts safely.”
After being contacted by Eltrys for a comment, Evolve spokesperson Eric Helvie declined and referred to the official statement that the company has posted on its website. Evolve was asked by Eltrys how many partner companies, both current and former, and end users were affected by the breach and whether it had contacted them all.
According to the statement, Evolve “continues to work around the clock to respond to the recent cybersecurity incident” and pledges to offer more updates. This statement was written at the time this article was written. According to the organization, an employee clicked on a malicious link in May of this year, which led to the breach. The breach was a ransomware assault carried out by the LockBit criminal group.
“There is no evidence that the criminals accessed any customer funds,” the statement stated. “However, it appears that they did access and download customer information from our databases and a file share during periods in February and May,” the statement added. The threat actor encrypted some of our environment’s data. Because we have backups available, we have only experienced a small amount of data loss and disruption to our operations.
Additionally, the business guarantees that it will immediately inform “every individual whose personal information was affected.”
Up to this point, Evolve partners Affirm, EarnIn, Marqeta, Melio, and Mercury have all stated that they are conducting an investigation into the ways in which the Evolve breach affected their respective clients. On Monday, Fintech writer Jason Mikula tweeted a notice that Branch, another Evolve partner, had given to a client on X. Branch is involved in the financial technology industry. Eltrys has tried to get a statement from Branch on many occasions, but they have not yet responded.
