Fintech

Startups rush to assess the consequences of the Evolve Bank data breach

Published

10 months ago

on

Wednesday, Evolve Bank and Trust, a financial institution popular among fintech startupsannounced that it had been the victim of a cyber attack and data breach that could also affect its partner companies.

The accident, as stated by the companyit concerned “the data and personal information of certain Evolve retail banking customers and customers of financial technology partners.”

When reached by TechCrunch, Evolve’s head of communications, Thomas Holmes, said the incident involves “a known cyber criminal organization.”

“It appears that these criminals have released illegally obtained data, onto the dark web,” Holmes said, declining to comment further.

The cybercriminals responsible for the breach appear to be the infamous LockBit ransomware gang, which posted the data allegedly stolen from Evolve on its dark web data leak site.

Evolve lists a number of companies on their website as partners who rely on the banking giant to offer some of their financial and credit services. To understand the impact of the Evolve breach on these companies, TechCrunch reached out to Affirm, Airwallex, Alloy, Bond, Branch, Dave, EarnIn, Marqeta, Mastercard, Melio, Mercury, Prizepool, Step, Stripe, Tabapay, and Visa.

None of the companies, except Affirm, EarnIn, Marqeta and Melio, responded to requests for comment.

Contact us

Do you have more information about the Evolve breach and its impact on partner companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or e-mail. You can also contact TechCrunch via SecureDrop.

Affirm spokesperson Matt Gross told TechCrunch that the company is investigating the incident and “will communicate directly with all affected consumers as we know more.”

Affirm also warned its customers in a post on X, writing that the Evolve breach “may have compromised some data and personal information” of Affirm customers. The company also said that it is safe to use its cards and cash accounts and that its investigation into the impact of the breach is ongoing.

EarnIn spokeswoman Stephanie Borman said the company is “aware of this incident and is monitoring it closely.”

Marqeta spokesperson Kelly Kraft told TechCrunch that the company is aware of the breach and that “Evolve supports a small portion of our overall business.”

“Our customers affected by this incident have been notified, and we are working closely with Evolve to understand their remediation effort and how our mutual customers may be impacted,” Kraft said in an email.

Melio co-founder and CEO Matan Bar told TechCrunch that the company is aware of the breach and is “working diligently with them to determine whether Melio or any of our customers were impacted. We will keep our customers informed with all relevant information as we learn more. There were no disruptions to Melio’s operations as a result of this incident.”

Another Evolve partner, the fintech startup Mercury, said about X that the Evolve breach impacted records associated with the company, “including certain account numbers, deposit balances, business owner names, and emails.”

As more and more affected companies come forward, the true impact of the Evolve breach on “certain Evolve retail banking customers and customers of financial technology partners” – as the company stated – will likely become clearer.

Evolve has recently made headlines for other issues related to its fintech partnerships. On June 14, the Federal Reserve ordered Evolve Bank to “strengthen its risk management programs related to fintech partnerships and anti-money laundering laws.”

According to a Fed statementexaminations conducted in 2023 found that Evolve “engaged in unsafe and unsound banking practices by failing to put in place an effective risk management framework for such partnerships” with financial technology companies.

The bank was also associated with the Banking-as-a-Service Startup Synapse Collapseswhich provided a service that allowed others, mainly fintechs, to integrate banking services into their offerings. When Synapse filed for bankruptcy this year and an attempted rescue takeover of its assets by TabaPay failed, the company it blamed its partner bank, Evolve — a saga that continues to unfold.

This story has been updated to include comments from Marqeta and Melio.

Source

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version