{"id":24805,"date":"2024-07-03T04:10:12","date_gmt":"2024-07-03T12:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/07\/03\/news-18535\/"},"modified":"2024-07-03T04:10:12","modified_gmt":"2024-07-03T12:10:12","slug":"news-18535","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/07\/03\/news-18535\/","title":{"rendered":"Affirm says Evolve Bank data breach also compromised some of its customers"},"content":{"rendered":"\n<p>&#8216;Buy now, pay later&#8217; payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/06\/federal-reserve-breached-data-may-actually-belong-to-evolve-bank\">data breach at Evolve Bank &amp; Trust<\/a>.<\/p>\n<p>In a <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/1820953\/000182095324000027\/afrm-20240625.htm\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">form 8-K<\/a>, submitted to the Securities and Exchange Commission (SEC), Affirm states:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cBecause the Company [Affirm Holdings, Inc] shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the Personal Information of Affirm Card users was compromised as part of Evolve\u2019s cybersecurity incident.\u201d<\/p>\n<\/blockquote>\n<p><a href=\"https:\/\/www.getevolved.com\/about\/news\/cybersecurity-incident\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">According to Evolve<\/a>, the attack started after &#8220;an employee inadvertently clicked on a malicious internet link.\u201d Evolve refused to pay the ransom, and so the attackers leaked the data they downloaded.<\/p>\n<p>Affirm isn&#8217;t the only fintech company affected by the Evolve breach. Business bank <a href=\"https:\/\/x.com\/mercury\/status\/1806060971909149151?s=46&amp;t=_Gt0IOxUX1g5SQKIEpM78Q\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mercury also notified customers<\/a>\u00a0that the data stolen from Evolve Bank &amp; Trust included some account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech accounts.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAffected Mercury customers have been notified of the breach and the preventative steps we are taking to keep customer funds secure.\u201d<\/p>\n<\/blockquote>\n<p>Money transfer service and payment platform builder Wise also published a&nbsp;<a href=\"https:\/\/wise.com\/help\/articles\/1Tyvn34K9tp08aZ0y0Hqe0\/data-breach-at-evolve-bank-trust-in-the-us\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">statement on its website<\/a>, informing customers&nbsp;it had shared full names, addresses, contact details, Social Security numbers, and other sensitive information with Evolve as part of a partnership between 2020 and 2023.<\/p>\n<p>So, it\u2019s entirely possible that other financials may come forward with similar notifications. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/affirm-says-cardholders-impacted-by-evolve-bank-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Reportedly<\/a>, Evolve has active partnerships with multiple fintech companies, including Shopify, Bilt, Plaid, and Stripe.<\/p>\n<p>Keep your eyes and ears open and be wary of phishing attempts related to these breaches.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-after-a-data-breach\">Protecting yourself after a data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the <a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor&#8217;s advice.<\/strong> Every breach is different, so check with the vendor to find out what&#8217;s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong> You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\">strong password<\/a>&nbsp;that you don&#8217;t use for anything else. Better yet, let a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong> If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong> The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the&nbsp;identity of anyone who contacts you&nbsp;using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong> Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Consider not storing your card details<\/strong>. It&#8217;s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.<\/li>\n<li><strong>Set up identity monitoring.<\/strong> <a href=\"https:\/\/go.cyrus.app\/MN4j\/fkkekmw9\" target=\"_blank\" rel=\"noreferrer noopener\">Identity monitoring<\/a> alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\">Check your digital footprint<\/h3>\n<p>Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it\u2019s best to give the one you most frequently use) to our\u00a0<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>\u00a0and we\u2019ll give you a report and recommendations.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/07\/affirm-says-evolve-bank-data-breach-also-compromised-some-of-its-customers\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Buy now and pay later provider Affirm has notified the SEC that customer data of its card users was compromised in the Evolve data breach. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[31600,11172,31586,25136,32,5897,26404],"class_list":["post-24805","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-affirm","tag-data-breach","tag-evolve","tag-mercury","tag-news","tag-privacy","tag-wise"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24805"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24805\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}