Affirm Cardholders Hit by Evolve Bank Data Breach: Protect Your Financial Power Now

Have you ever heard of Affirm? They’re a buy now, pay later loan company that has been making waves in the fintech world. However, they recently had to issue a warning to their customers because some of their personal information was exposed due to a data breach at Evolve Bank & Trust (Evolve), the third-party issuer of Affirm’s payment cards.

Affirm is known for providing consumer-friendly alternatives to traditional credit options. They offer point-of-sale financing, virtual cards on a mobile app, and a fully integrated physical card called the ‘Affirm Card.’

Evolve, on the other hand, is a large financial services provider that specializes in retail and commercial banking, payment processing, and banking-as-a-service (BaaS). They have active partnerships with multiple fintech companies, including Shopify, Bilt, Plaid, Stripe, and Mercury.

But here’s the thing: in June, the LockBit ransomware gang falsely claimed to have breached the US Federal Reserve and stolen 33 TB of data. After some investigation, it was determined that the data had actually been stolen from Evolve Bank & Trust. So, what does this mean for Affirm and its customers?

Affirm Impacted by Evolve Data Breach

In an update published, Evolve said they have since responded to the incident by resetting passwords globally, reconstructing critical Identity Access Management components, and implementing various network hardening measures.

As of the latest investigation findings, there’s evidence that the stolen data includes names, Social Security Numbers (SSNs), bank account numbers, and contact information.

Affirm, being one of Evolve’s clients, is now warning its customers that their personal and financial information might have been exposed in the Evolve data breach. Affirm shares customer data with Evolve as required to issue Affirm Cards, a debit card that lets you pay for purchases over time.

Although Evolve assured Affirm that the cybersecurity incident had been contained, an investigation into the scope of the breach and the extent of unauthorized access is still ongoing. In the meantime, Affirm says users may continue to transact normally as the company remains on high alert for potentially suspicious activity linked to the incident.

Wise and Bilt Impacted Too

The breach at Evolve has potentially affected several other fintech firms in the US, with Wise and Bilt confirming they were impacted.

Wise published a statement on its website late last week, informing customers that they had shared full names, addresses, contact details, Social Security numbers, and other sensitive information with Evolve as part of a partnership between 2020 and 2023.

Wise assured customers that their accounts remain secure and it’s safe to continue using their ‘Wise Cards,’ but recommended heightened vigilance against potential phishing attacks.

Bilt has also notified customers via notifications that its partnership with Evolve may have led to the compromise of sensitive customer information.

However, a Bilt employee confirmed on Reddit that they are unsure if any of its customers’ data was actually exposed. “We provided this notice out of an abundance of caution, but at this time Evolve has not indicated what, if any, Bilt user information has been impacted,” a Bilt employee posted on Reddit.

Similarly to the other entities, Bilt reassured users that their accounts remain secure and that the platform wasn’t directly impacted; hence, there’s no disruption to its operations.

Evolve has also promised to email individual notifications to all persons confirmed to have been impacted by the incident on July 8, 2024.

Due to the severity of the Evolve data breach, we will likely see further fintech companies disclose potential data breaches as the investigation continues.

So, what can you do to protect yourself in the wake of this breach? Stay vigilant, and make sure to keep an eye on your accounts for any suspicious activity. If you notice anything out of the ordinary, don’t hesitate to report it to the appropriate authorities.

And as always, remember that your cybersecurity is important – and we’re here to help you stay informed and keep your personal information safe. So, don’t forget to come back to our IT Services for more updates and insights into the ever-changing world of cybersecurity.