Evolve Bank and Trust, a financial institution known for serving fintech startups, revealed on Wednesday that it had fallen victim to a cyberattack and data breach that could have impacted its partner companies as well.
According to a statement from the company, the incident involved the data and personal information of some Evolve retail bank customers and customers of financial technology partners.
Upon contact by TechCrunch, Evolve’s communications chief Thomas Holmes stated that the incident involves a known cybercriminal organization.
The cybercriminals responsible for the breach are believed to be the LockBit ransomware gang, who posted data allegedly stolen from Evolve on the dark web.
Evolve has a list of partner companies on its website that rely on the bank for various financial and lending services. TechCrunch reached out to several of these partners to assess the impact of the breach, with only a few responding to the request for comment.
Contact Us
Do you have more information about the Evolve breach and how it’s impacting partner companies? Contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Affirm, one of the partner companies, mentioned that it is actively investigating the incident and will communicate directly with affected consumers as more information is gathered.
EarnIn and Marqeta also confirmed awareness of the breach and are closely monitoring the situation to understand the impact on their customers.
Melio, another partner, stated that they are diligently working with Evolve to determine the potential impact on their business and customers, ensuring operations continue without disruptions.
Mercury, when reached out to, indicated that the Evolve breach had affected certain records associated with the company, including sensitive information like account numbers and business owner details.
As more affected companies step forward, the true repercussions of the Evolve breach on customers and partner companies will become more apparent.
Evolve has been under scrutiny lately for its handling of fintech partnerships. The Federal Reserve recently mandated the bank to tighten risk management practices around such partnerships and anti-money laundering laws.
The relationship between Evolve Bank and the collapsing Synapse banking-as-a-service startup has also come to light, showcasing ongoing challenges in the fintech space.
This story has been updated to include comments from Marqeta and Melio.
