Fintech and money transfer company Wise announced on Friday that some of its customers’ personal data may have been stolen in The recent data breach at Evolve Bank and Trust.
The news highlights that the consequences of the Evolve data breach for third-party companies (and their customers and users) are still unclear, and are likely to include companies and startups that are still unknown.
In a statement published on its official websiteWise wrote that the company worked with Evolve from 2020 to 2023 “to provide USD account details.” And since Evolve was recently breached, “personal information of some Wise customers may have been involved.”
“We will be emailing all Wise customers who we believe may have been directly affected by this data breach,” the company wrote.
Wise said it shared personal data of US customers with Evolve, including names, addresses, date of birth, contact details, and Social Security or Employer Identification Number numbers. For customers outside the US, Wise also shared “another ID number.”
At this point, it’s unclear how many Wise customers have been affected, as the company wrote that it is still “actively investigating.”
Wise did not respond to a request for comment seeking clarification on how many of its customers had suffered data breaches.
When contacted by TechCrunch for comment and asked if Evolve knows how many partner companies (former and current) and end users have been affected by the breach, and if Evolve has already contacted all of them, Evolve spokesperson, Eric Helvie, declined to comment and referred to Official company statement on its website.
At the time of writing, the statement says Evolve “continues to work around the clock to respond to the recent cybersecurity incident” and promises to provide further updates. The company said the breach was a ransomware attack by cybercriminal gang LockBit, due to an employee clicking on a malicious link in May this year.
“There is no evidence that criminals accessed customer funds, but it appears that they did access and download customer information from our databases and a file share during the February and May periods,” the report reads. release. “The threat actor also encrypted some data within our environment. However, we have backups available and have suffered limited data loss and impact to our operations.”
The company also promises to directly notify “each individual whose personal information has been affected.”
So far, Affirm, EarnIn, Marqeta, Melio and Mercury (all Evolve partners) have recognized who are investigating how the Evolve breach affected their customers. On Monday, fintech journalist Jason Mikula shared on X a notification that Branch, another Evolve partner, had sent to a client. Branch has not yet responded to TechCrunch’s repeated requests for comment.