Money transfer and fintech company Wise announced on Friday that some of its customers’ personal data may have been stolen in the recent data breach at Evolve Bank and Trust.
The news highlights that the consequences of the Evolve data breach on third-party companies — and their customers and users — are still unclear, and likely involve as-yet-unknown companies and startups.
In a statement published on its official website, Wise wrote that the company worked with Evolve from 2020 to 2023 “to provide USD account information.” And since Evolve was recently hacked, “some personal information of Wise customers may be involved.”
“We will be emailing all Wise customers we believe may have been directly affected by this data breach,” the company wrote.
Wise said it shared personal data of U.S. customers with Evolve, information that included names, addresses, date of birth, contact information and social security or employer identification numbers. For non-US customers, Wise also shared “another ID document number.”
At this point, it’s unclear how many Wise customers have been affected, as the company wrote that it’s still “actively investigating.”
Contact us
Do you have more information about the Evolve breach and how it affects other companies? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.
A Wise spokesperson told TechCrunch that the company is still investigating and is “contacting customers who may have been directly affected by this breach.”
“Wise’s systems were not compromised and our customers are accessing their accounts securely,” the spokesperson said in an email.
When reached by TechCrunch for comment, asking if Evolve knows how many partner companies — past and present — and end users have been affected by the breach, and if Evolve has already contacted them all, Evolve spokesman Eric Helvie declined to comment, referring to official announcement of the company on its website.
As of this writing, the statement says that Evolve “continues to work around the clock to respond to the recent cyber security incident” and promises to provide further updates. The company said the breach was a ransomware attack by cyber crime gang LockBit, due to an employee clicking on a malicious link in May this year.
“There is no evidence that the criminals accessed customer funds, but it appears that they accessed and downloaded customer information from our databases and a shared file during the February and May periods,” the statement said. “The threat actor also encrypted some data in our environment. However, we have backups available and have experienced limited data loss and impact on our operations.”
The company also promises to notify “any individual whose personal information was affected” directly.
So far, Affirm, EarnIn, Marqeta, Melio and Mercury – all Evolve partners – have acknowledged they are investigating how the Evolve breach affected their customers. On Monday, fintech reporter Jason Mikula shared with X a notification that Branch, another Evolve partner, had sent to a customer. Branch has not yet responded to repeated requests for comment from TechCrunch.
This story has been updated to include a statement from Wise’s representative.
