Data Breach at Evolve Bank & Trust: What You Need to Know!

In a significant security incident that has raised concerns among consumers, Evolve Bank & Trust has reported a data breach. This bank was an operational partner of the financial services provider Wise from 2020 until 2023. The breach has potential implications for the personal information of numerous customers.

Background of Evolve Bank & Trust’s Partnership with Wise

Evolve Bank & Trust has been a key player in the banking sector, offering various financial services. During their partnership, they facilitated USD account details for Wise’s customers. This collaboration ended in 2023, but the details of this partnership have now come under scrutiny due to the breach.

The breach was detected recently, triggering an immediate response from both Evolve Bank & Trust and Wise. It was reported that while specific personal details were exposed, no identification documents that Wise’s customers shared with the service provider were compromised, as these documents were never accessible to Evolve Bank & Trust.

Implications for Wise Customers

Wise has been quick to reassure its users:

• Security of Wise Accounts: Wise’s systems have not been breached, and thus, customer credentials remain secure. Wise accounts are safe to use as usual without resetting passwords.
• USD Account Operations: USD accounts previously facilitated through Evolve Bank & Trust are unaffected. Customers can continue using their account details without any concerns.
• Safety of Wise Cards: The security of Wise debit cards has not been compromised. Card numbers, PINs, and other critical details remain secure, and customers can continue using their cards as usual.

Recommended Actions for Customers

Given the nature of the breach, Wise recommends the following proactive steps for its customers:

• Vigilance: Customers should monitor their financial statements and activity for unauthorized or suspicious transactions.
• Beware of Phishing: Following such breaches, there is a heightened risk of phishing attacks. Customers should be cautious about unsolicited communications asking for personal information.
• Credit Monitoring: Wise offers affected customers complimentary credit monitoring and identity theft protection services. These services will help detect early any misuse of their information.

Legal and Regulatory Implications

Laws and Regulations Relevant to the Breach

1. Gramm-Leach-Bliley Act (GLBA)
   • Requires financial institutions to explain their information-sharing practices and to safeguard sensitive data.
   • The breach might indicate non-compliance with the GLBA’s provisions on data protection.
2. Payment Card Industry Data Security Standard (PCI DSS)
   • Set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
   • A breach involving credit card information could signify a violation of these standards.
3. State Data Breach Notification Laws
   • Most states have laws requiring businesses to notify individuals of security breaches involving personal information.
   • The specific requirements vary by state, but non-compliance can result in penalties and fines.
4. General Data Protection Regulation (GDPR)
   • If the breach involved European Union citizens, GDPR may apply.
   • GDPR mandates strict data protection and privacy requirements and imposes severe fines for non-compliance.

Potential Legal Consequences for the Bank

1. Fines and Penalties
   • Regulatory bodies can impose significant fines for non-compliance with data protection laws.
   • Potential fines under GDPR can reach up to 4% of the annual global turnover or €20 million, whichever is higher.
2. Lawsuits
   • Affected customers may file class-action lawsuits seeking compensation for damages resulting from the breach.
   • Legal battles can be lengthy and costly, potentially leading to substantial settlements or judgments against the bank.
3. Loss of License or Certification
   • In severe cases, regulatory bodies might revoke the bank’s operating licenses or certifications.
   • This can significantly impact the bank’s ability to operate and do business.
4. Reputational Damage
   • Legal and regulatory scrutiny can harm the bank’s reputation.
   • Loss of customer trust can lead to decreased business and long-term financial implications.

How to Protect Yourself

Steps for Affected Customers to Take

1. Monitor Your Accounts Regularly
   • Frequently check your bank and credit card statements for any unauthorized transactions.
   • Use mobile banking apps to receive real-time alerts for any suspicious activity.
2. Change Your Passwords
   • Immediately update passwords for your online banking and other sensitive accounts.
   • Use strong, unique passwords that combine letters, numbers, and special characters.
3. Enable Two-Factor Authentication (2FA)
   • Activate 2FA on your accounts to add an extra layer of security.
   • This requires a second form of verification (e.g., a text message code) in addition to your password.
4. Place a Fraud Alert on Your Credit Report
   • Contact one of the major credit bureaus (Experian, TransUnion, or Equifax) to place a fraud alert on your file.
   • This makes it harder for identity thieves to open new accounts in your name.
5. Freeze Your Credit
   • Consider placing a credit freeze, which prevents new creditors from accessing your credit report.
   • This can help stop identity thieves from opening accounts or taking out loans in your name.
6. Review Your Credit Reports
   • Obtain free copies of your credit reports from AnnualCreditReport.com and check for any inaccuracies.
   • Report any suspicious or unfamiliar accounts to the credit bureaus.
7. Report Suspicious Activity
   • Immediately report any unauthorized transactions or suspicious activity to your bank.
   • If you suspect identity theft, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov.

General Tips for Safeguarding Personal Information

1. Use Strong, Unique Passwords
   • Avoid using easily guessable passwords or the same password across multiple sites.
   • Consider using a password manager to generate and store complex passwords securely.
2. Be Wary of Phishing Scams
   • Avoid unsolicited emails, texts, or phone calls asking for personal information.
   • Verify the request’s legitimacy by contacting the organization using a known, trusted number.
3. Secure Your Devices
   • Install and regularly update antivirus and anti-malware software on your devices.
   • Enable automatic updates for your operating system and applications to protect against vulnerabilities.
4. Limit Sharing of Personal Information
   • Be mindful of the information you share online, particularly on social media.
   • Avoid sharing sensitive details like your Social Security number, birthdate, or address unless absolutely necessary.
5. Use Encrypted Connections
   • Ensure websites use HTTPS (indicated by a padlock icon in the browser) when entering personal information.
   • Avoid using public Wi-Fi for sensitive transactions; use a virtual private network (VPN) for added security.
6. Secure Your Mail
   • Collect your mail promptly and consider using a locked mailbox.
   • Shred documents containing personal information before disposing of them.
7. Regularly Back Up Data
   • Keep backups of important personal and financial information in a secure location.
   • Use cloud services with strong security measures or external hard drives for backups.
8. Stay Informed
   • Keep up-to-date with the latest security threats and data breach news.
   • Follow recommendations from trusted sources like the FTC, FBI, and your financial institutions.

Ongoing Investigation and Measures

Wise has initiated a comprehensive investigation into the breach in collaboration with cybersecurity experts. The company is reviewing and enhancing its security frameworks to prevent future incidents. This includes auditing and strengthening the security protocols that govern partnerships and third-party engagements.

Wise is committed to educating its customers about data security best practices. This includes understanding the risks of data breaches, recognizing phishing attempts, and using strong, unique passwords for all online accounts.

Closing Words!

The data breach at Evolve Bank & Trust is a stark reminder of the persistent threats in the digital banking landscape. While Wise’s systems were not directly compromised, the incident has led to increased security measures and customer education initiatives. Wise is determined to uphold its reputation by ensuring customer trust through transparent communications and robust security practices.

Further updates will be provided as this situation evolves. Wise also encourages all customers to stay informed through official updates and contact for breach assistance. The safety and security of customer information remain a top priority for Wise as it navigates this challenging period.