In a recent development, a prominent fintech enterprise disclosed to regulatory authorities that a cyber intrusion targeting one of its banking associates led to the exposure of client data.
The enterprise, known for its substantial presence in the “buy now, pay later” market, informed the Securities and Exchange Commission that a breach at Evolve Bank resulted in the unauthorized release of customer details. Evolve Bank acknowledged the security incident last week, revealing that personal data of an unspecified number of clients were compromised.
The fintech firm collaborates with Evolve Bank for the issuance of its proprietary card, which functions akin to a debit card but offers the flexibility to split purchases into manageable payment installments.
According to the firm’s regulatory filing, it routinely shares client data with Evolve Bank to streamline card issuance and maintenance processes.
The firm suspects that the data breach at Evolve Bank may have impacted the personal information of its cardholders. However, it stated that its own IT infrastructure remains secure and that cardholders can continue to use their cards without interruption. The incident has not affected any other aspects of the firm’s operations.
While the investigation into the security breach is active, Evolve Bank has stated that the situation is under control.
Nonetheless, the extent of the breach’s impact on the firm and its card users, particularly regarding unauthorized data access, is still under assessment. The firm has notified law enforcement and reached out to all its customers regarding the incident.
In response to the breach, the company has intensified its fraud surveillance measures. It anticipates no significant financial repercussions from the event.
A recent report by TechCrunch indicated that the fintech firm was among several clients of Evolve Bank, including the remittance service Wise, to acknowledge the repercussions of the bank’s security breach.
The fintech company has disseminated a notification letter to its clientele and established a dedicated FAQ webpage to address customer concerns.
Evolve Bank has confirmed an assault by the LockBit ransomware collective in late May. Initially, the group erroneously claimed to have penetrated the U.S. Federal Reserve but later disclosed data originating from Evolve Bank.
Evolve Bank detected operational anomalies in May and managed to halt the cyberattack after a few days. The bank traced the breach to an employee who accidentally engaged with a harmful online link.
Evolve Bank clarified that there’s no indication of unauthorized access to customer funds. However, the attackers did manage to extract and download client data from the bank’s databases and file-sharing systems during incidents in February and May.
The cybercriminals also encrypted some of the bank’s data. Fortunately, due to available backups, the bank experienced minimal data loss and operational disruption. The bank chose not to comply with the ransom demand, leading to the public disclosure of the stolen data by the attackers. The data was initially misattributed to the Federal Reserve Bank by the hackers.
The stolen data includes names, Social Security numbers, bank account details, and contact information of both customers and employees.
Evolve Bank plans to issue breach notification letters by July 8, offering two years of complimentary credit monitoring and identity theft protection services to those affected.
