web analytics

Evolve Ransomware Hack Affects Affirm and Fintech Companies – Source: www.databreachtoday.com

evolve-ransomware-hack-affects-affirm-and-fintech-companies-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Finance & Banking
,
Incident & Breach Response
,
Industry Specific

Startups and Evolve Client Are Monitoring the Situation for Potential Fallout

David Perera (@daveperera) •
July 2, 2024    

Evolve Ransomware Hack Affects Affirm and Fintech Companies
A ransomware attack didn’t stop Affirm customers from buying now and paying later. (Image: Shutterstock)

A ransomware attack against Evolve Bank & Trust triggered a small cascade of secondary breach notifications by current and past clients of the banking-as-a-service company.

See Also: Securing the Cloud for Financial Services

Russian-speaking ransomware-as-a-service operation LockBit attacked the Tennessee company in May after “an employee inadvertently clicked on a malicious internet link,” Evolve disclosed.

Evolve said preliminary investigation results show that hackers stole names, Social Security numbers, bank account numbers and contact information for most of its personal banking customers, as well as for customers of its banking-as-a-platform business.

Among the clients affected by the data breach is Affirm, the “buy now, pay later” consumer credit provider. In a regulatory filing, Affirm said it “believes that the personal information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident.” Affirm shares customer information with Evolve as part of the card issuance process.

The filing says the ransomware incident didn’t affect Affirm customers’ ability to continue buying things now and paying for them later.

Also caught up in the breach is money transfer service Wise, which said it worked with Evolve from 2020 until 2023. Data shared with the Tennessee company included name, address, contact information and data of birth, as well as Social Security number or similar identifiers for international customers.

“Evolve has not yet confirmed to us what data has been impacted,” Wise said.

High-interest, low credit score, non-bank credit card company Mercury Financial, which uses Evolve to issue cards, is telling customers that hackers may have stolen their data. Information at risk includes “some account numbers, deposit balances, business owner names, and emails associated with mercury and other fintech accounts.”

Fintech startups and Evolve clients EarnIn, Marqeta and Melio earlier told TechCrunch they are monitoring the incident for potential fallout.

LockBit initially claimed the extortion episode as an attack against the U.S. Federal Reserve – possibly because an affiliate spotted a stolen document that said “United States Federal Reserve” and assumed the victim was the central bank. The Board of Governors of the Federal Reserve System, working with the Arkansas State Bank Department, on June 14 issued a cease and desist order against Evolve Bancorp and Evolve Bank & Trust, citing shortcomings in the bank’s “anti-money laundering, risk management and consumer compliance programs” (see: Bogus: LockBit’s Claimed Federal Reserve Ransomware Hit).

Original Post url: https://www.databreachtoday.com/evolve-ransomware-hack-affects-affirm-fintech-companies-a-25680

Category & Tags: –

Views: 1

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

FERMA
THE ROADMAP TO STRATEGIC RISK MANAGEMENT
THE ROADMAP TO STRATEGIC RISK...
ENISA-EUROPA
Cyber Resilience Act Requirements Standards Mapping
Cyber Resilience Act Requirements Standards...
CYTAD
Essential Data Privacy Checklist
Essential Data Privacy Checklist
SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source...
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications...
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications

More Latest Published Posts

Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate
ENISA
Best Practices for Cyber Crisis Management
Best Practices for Cyber Crisis Management
viehgroup
AWS Cloud Security Checklist
AWS Cloud Security Checklist
DevSecOps Guide
Attacking .NET
Attacking .NET
IGNITE Technologies
Advance Burp Suite Pentester Training (Online)
Advance Burp Suite Pentester Training (Online)
LogRhythm
Using MITRE ATT&CK™in Threat Huntingand Detection
Using MITRE ATT&CK™in Threat Huntingand Detection
INCIDENT RESPONSE PLAN
INCIDENT RESPONSE PLAN
NIST CSF 2.0
Incident Response Recommendations and Considerations for Cybersecurity Risk Management
Incident Response Recommendations and Considerations for Cybersecurity Risk Management
GmFaruk
Identity and Access Management Policy
Identity and Access Management Policy
UK HM Government
National Cyber Strategy 2022
National Cyber Strategy 2022
NSA
NSA Network Infrastructure Security Guide
NSA Network Infrastructure Security Guide
NIST
NIST Policy Template Guide
NIST Policy Template Guide
Thecyphere
Malware prevention tips for businesses
Malware prevention tips for businesses
ministry of security
MERGERS AND ACQUISITIONS
MERGERS AND ACQUISITIONS
THE LINUX FUNDATION
Linux Privilege Escalation
Linux Privilege Escalation
LogRhythm
How to build a SOC with limited resources
How to build a SOC with limited resources
Kubernetes
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Australian Government
Management structures and responsibilities
Management structures and responsibilities
Hacker Combat
How are Passwords Cracked ? by Hacker Combat.
How are Passwords Cracked ? by Hacker Combat.
N/A
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Sectrio
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
ISA SECURE
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components