Remittance and fintech company Wise said on Friday that some of its customers' personal data may have been stolen in a recent data breach at Evolve Bank & Trust.
The news highlights that it is still unknown how the Evolve data breach will impact third-party companies and their customers and users, likely including as yet unknown companies and startups.
In a statement on its official website, Wise said that it worked with Evolve “to provide USD account details” from 2020 to 2023. It also said that given Evolve's recent breach, “it is possible that some of the personal information of Wise customers was included.”
“We will be directly emailing all Wise customers who we believe may have been affected by this data breach,” the company wrote.
Wise Bank said it shared personal information of its U.S. customers with Evolve, including names, addresses, dates of birth, contact details, and Social Security or employer identification numbers. For customers outside the U.S., Wise Bank also shared “alternative identification numbers.”
It's unclear at this time how many Wise customers were affected, but the company says it is still “actively investigating.”
Contact Us Do you have more information about the Evolve breach and how it's affecting other companies? You can securely contact Lorenzo Franceschi-Bicchierai from a non-work device via Signal (+1 917 257 1382), Telegram, Keybase, Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Wise did not respond to a request for comment to clarify how many customers' data was stolen.
When TechCrunch reached out to Evolve for comment and asked if they knew how many partners (both current and existing) and end users were affected by the breach and whether Evolve had already contacted all of them, Evolve spokesperson Eric Helvie declined to comment and referred the company to an official statement on its website.
At the time of writing, Evolve said in a statement that it was “continuing to work around the clock to respond to the recent cybersecurity incident” and would provide further updates. The company said the breach was caused by an employee clicking on a malicious link in May of this year, resulting in a ransomware attack perpetrated by the LockBit cybercrime group.
“While we have no evidence that the criminals accessed customer funds, they appear to have accessed and downloaded customer information from our databases and file shares between February and May,” the statement read. “The attackers also encrypted data within our environment; however, we had backups in place and data loss and impact to our operations was limited.”
The company also promised to directly notify “each individual whose personal information was affected.”
So far, Evolve's partners Affirm, EarnIn, Marqeta, Melio, and Mercury have confirmed that they're investigating how the Evolve breach affected their customers. On Monday, fintech reporter Jason Mikula shared a notice sent to customers by Branch, another Evolve partner, on X. Branch has not yet responded to repeated requests for comment from TechCrunch.