Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships

Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services.

From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures.

Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected.

In response to the breach, Wise assured its customers that they no longer work with Evolve Bank & Trust. Currently, USD account details are provided by a different bank, emphasizing their commitment t

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.