Wise is facing a data leak that could affect users in Spain who had accounts in dollars. Their name, address and ID number could be at risk after the LockBit group released the data.
Financial technology company Wise, also present in Spain, has suffered a data breach due to a cyberattack on a business partner, Evolve Bank & Trust, with which the firm worked from 2020 to 2023. This second firm managed Wise’s USD (US dollar) account data during the indicated period and, although Wise no longer works with Evolve, Wise customer data may be included in the data breach.
The LockBit group is responsible for this security breach, by carrying out a ransomware attack and demanding a ransom that Evolve refused to pay. As a result, customer data has been leaked on the Internet and, although it is still being investigated what information has been published exactly, it is believed that the keys or passwords to Wise accounts or cards are not at risk, so its customers can continue to use them.
However, the data that Evolve says has been leaked includes names, national ID numbers, bank account numbers and contact information. Wise has been cautious and advised its customers that the data shared with Evolve and therefore at risk of being leaked includes: name, address, date of birth, contact details (such as email or phone), social security number for US customers or other ID number for non-US customers (such as ID card).
According to Evolve’s statement on the circumstances of the attack, “It appears that they gained access to our systems when an employee inadvertently clicked on a malicious link. There is no evidence that the criminals accessed customer funds, but it appears that they did access and download customer information from our databases and a file share during the periods of February and May,” it said. release.
Wise warns its customers
In light of the situation, Wise, which operates in Spain as a banking option similar to Revolut, has sent an email to its customers on Tuesday warning them of this breach. They send a message of calm, assuring that the copies of the documents sent (such as a photocopy or photo of the ID) have not been leaked since at no time were they shared with Evolve. However, if the worst scenario comes true and LockBit had access to all the data that was shared with Evolve, the emails and other personal data could now be circulating on the deep web.
Although these are not sufficient to access bank accounts, Wise users in Spain, particularly those who had or have accounts in USD, would be advised to be extremely cautious against possible attempts at telephone scams or phishing. On the other hand, Wise works with a separate identity for its accounts in US dollars, so there is no reason not to continue using this service.
The data breach may also have affected other former or current Evolve partners, including Mastercard, Stripe, Visa, Step, and others.
