Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach

A ransomware attack has become a supply chain issue, thanks to the victims partnerships with other financial services companies.

A ransomware attack against a large financial services provider has become a problem for many companies it works with, two of which have already alluded to potential negative impacts on customer data.
The infamous LockBit group earned some undue attention early last week when it
claimed to have hacked the US Federal Reserve
. In fact, it had breached the far lesser Evolve Bank & Trust.
According to a statement
from Memphis-based Evolve, the attack occurred in late May, when an Evolve employee clicked on a malicious phishing link. Though the attackers didnt access any customers money, they were able to access and download customer information from databases and a file share. They also encrypted some data but, thanks to backups, the company experienced limited data loss and impact on our operations.
LockBit was kicked out of Evolves systems by the end of the month. But after the victim refused to pay the ransom, the group leaked the data it had stolen.
The twist is that, in addition to banking and lending for private citizens and businesses, Evolve offers business-to-business (B2B) banking-as-a-service (BaaS) and payments processing technologies. So beyond its own direct customers, its latest cyber incident has also
spread to users of other financial companies
that integrate with it, and
more victims of the breach are coming to light
.
For example, theres the multibillion-dollar London-based Wise.
According to a statement
last week, it partnered with Evolve from 2020 to 2023 to provide USD account details to its customers. To enable that service, Wise shared with Evolve its customers names, addresses, dates of birth, contact details, and ID numbers, including employer identification numbers and Social Security numbers. According to Wise, this information may have been involved in Evolves latest breach.
Ditto to buy now, pay later (BNPL) company Affirm, which uses Evolve to issue and service its credit card-style Affirm Cards. Customers cards remain untouched, but the personal information Affirm shared with Evolve is another matter. The full scope, nature and impact of the incident on the Company and Affirm Card users, including the extent to which there has been unauthorized access to Affirm Card user Personal Information, are not yet known, the company
reported in an 8-K filing
with the SEC.
Evolve has many other notable partners in the financial services industry, most notably Stripe and Shopify. A number of them are currently investigating whether their customers data has been affected.
This is another unfortunate example of a supply chain problem impacting an organization, says Erich Kron, security awareness advocate at KnowBe4. The more we have these very large companies that service many smaller ones, the more this threat will continue to become apparent through breaches such as this. Unfortunately for Affirm, it will be their name going out on the breach notifications and potentially their reputation at risk.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach