Money transfer and fintech company Wise announced Friday that some of its customers’ personal data may have been stolen in the recent data breach at Evolve Bank and Trust.
The news highlights that the fallout from the Evolve data breach on third-party companies — and their customers and users — is still unclear, and it’s likely to include companies and startups that are still unknown.
In a statement published on its official website, Wise wrote that the company worked with Evolve from 2020 to 2023 “to provide information about USD accounts.” And given that Evolve was recently hacked, “personal information of some Wise customers may have been involved.”
“We will be emailing all Wise customers who we believe may have been directly affected by this data breach,” the company wrote.
Wise said it shared with Evolve personal data of its U.S. customers, including names, addresses, dates of birth, contact information and Social Security or employer identification numbers. For non-U.S. customers, Wise also shared “an alternate identification number.”
At this point, it is unclear how many Wise customers have been affected, as the company wrote that it is “still actively investigating.”
Contact us
Do you have more information about the Evolve breach and how it affects other companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or e-mail. You can also contact TechCrunch via SecureDrop.
A Wise spokesperson told TechCrunch that the company is still investigating and is “directly reaching out to customers who may have been affected by this breach.”
“Wise’s systems were not compromised and our customers can access their accounts safely,” the spokesperson said in an email.
When TechCrunch asked whether Evolve knew how many partner companies — past and present — and end users were affected by the breach, and whether Evolve had already contacted all of them, Evolve spokesperson Eric Helvie declined to comment and referred to the company’s official statement on its website.
At the time of writing, the statement said that Evolve “continues to work around the clock to respond to the recent cybersecurity incident” and promised to provide further updates. The company said the breach was a ransomware attack by the LockBit cybercriminal gang, caused by an employee who clicked on a malicious link in May of this year.
“There is no evidence that the criminals gained access to customer funds, but it appears that they accessed and downloaded customer information from our databases and a file share during certain periods in February and May,” the statement read. “The threat actor also encrypted some data in our environment. However, we have backups in place and have experienced limited data loss and impact to our operations.”
The company also pledged to directly notify “each individual whose personal information has been affected.”
So far, Affirm, EarnIn, Marqeta, Melio and Mercury — all Evolve partners — have acknowledged that they are investigating the impact of the Evolve breach on their customers. On Monday, fintech journalist Jason Mikula shared on X a notification that Branch, another Evolve partner, had sent to a customer. Branch has not yet responded to TechCrunch’s repeated requests for comment.
This article has been updated to include a statement from Wise’s spokesperson.