Fintech

Affirm and Others Emerge as Evolve Breach Victims

Published

7 months ago

on

A ransomware attack on a major financial services provider has become a problem for many of the companies it works with, two of which have already mentioned the potential negative impact on customer data.

The infamous LockBit group attracted undue attention earlier last week when claimed to have hacked the US Federal ReserveIn reality, he had hacked the much more modest Evolve Bank & Trust.

According to a statement from Memphis-based Evolve, the attack occurred in late May when an Evolve employee clicked on a malicious phishing link. While the attackers did not gain access to any customer money, they were able to access and download customer information from databases and a file share. They also encrypted some data, but thanks to backups, the company “suffered limited data loss and impact to our operations.”

LockBit was kicked off Evolve’s systems by the end of the month. But after the victim refused to pay the ransom, the group leaked the data it had stolen.

The twist is that, in addition to banking and lending services for individuals and businesses, Evolve offers payment processing and business-to-business (B2B) banking-as-a-service (BaaS) technologies. So, in addition to its direct customers, its latest cyber incident has also spread to users of other financial companies which integrate with it, and More victims of the violation come to light.

The dominoes begin to fall

One example is Wise, a multi-billion dollar company based in London. According to a statement Last week, Wise partnered with Evolve from 2020 to 2023 to “provide USD account details” to its customers. To enable this service, Wise shared with Evolve its customers’ names, addresses, dates of birth, contact details, and identification numbers, including employer identification numbers and social security numbers. According to Wise, this information “may have been implicated” in Evolve’s latest breach.

The same goes for buy-now-pay-later (BNPL) company Affirm, which uses Evolve to issue and manage its Affirm Cards credit cards. Customer cards remain intact, but the personal information Affirm shared with Evolve is another matter. “The full scope, nature and impact of the incident on the company and Affirm Card users, including the extent to which there was unauthorized access to Affirm Card users’ personal information, is not yet known,” the company said. reported in an 8-K filing with the SEC.

Evolve has several other notable partners in the financial services industry, most notably Stripe and Shopify. Several of them are currently investigating whether their customer data was affected.

“This is another unfortunate example of a supply chain issue impacting an organization,” says Erich Kron, security awareness advocate at KnowBe4. “The more we have these large companies providing services to a lot of smaller companies, the more this threat will continue to become apparent through breaches like this. Unfortunately for Affirm, it’s going to be their name that’s going to be in the breach notifications and potentially their reputation is going to be at risk.”



Source

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version