Security News > 2024 > July > Affirm says cardholders impacted by Evolve Bank data breach

Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust.

After researchers analyzed the data, it was determined that it had been stolen from Evolve Bank & Trust, which confirmed to BleepingComputer that the data belonged to them.

Affirm, one of Evolve's clients, is now warning its customers that their personal and financial information might have been exposed in the Evolve data breach.

Affirm shares customer data with Evolve as required to issue Affirm Cards, a debit card that lets you pay for purchases over time.

"On June 25, 2024, Evolve Bank & Trust, the third-party issuer of the Affirm Card, notified Affirm that Evolve had experienced a cybersecurity incident whereby a third party gained unauthorized access to personal information and financial information of Evolve retail banking customers and the customers of its financial technology partners," reads the 8-K filing.

"Because the Company shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the Personal Information of Affirm Card users was compromised as part of Evolve's cybersecurity incident."

News URL

https://www.bleepingcomputer.com/news/security/affirm-says-cardholders-impacted-by-evolve-bank-data-breach/