A ransomware attack on Evolve Bank & Trust has affected several other financial companies that use its services. The attackers, known as LockBit, gained access to customer information and encrypted some data, but Evolve’s backups minimized the impact. However, the attackers leaked the stolen data after Evolve refused to pay the ransom.
The breach has spread to users of other financial companies that integrate with Evolve, including Wise, a multibillion-dollar company that partnered with Evolve from 2020 to 2023. Wise shared its customers’ personal information with Evolve, which may have been involved in the breach.
Another affected company is Affirm, a buy now, pay later (BNPL) company that uses Evolve to issue and service its credit card-style cards. Affirm has not yet disclosed the full extent of the incident or whether customer data has been accessed without authorization.
Evolve’s partners in the financial services industry are investigating whether their customers’ data has been affected, including Stripe and Shopify.