Evolve Bank & Trust + Synapse = a perfect storm

I got an email the other day about a data breach at Evolve Bank. Who? I don’t deal with Evolve Bank. What’s going on?

The email came from Wise and reads as follows:

There’s been a data breach at Evolve Bank & Trust.

Evolve Bank & Trust is a regulated bank that we worked with from 2020 until 2023 to provide your old USD account details. They’ve recently been affected by a data breach and some of your personal information may have been involved.

This personal information does not include copies of any of the identification documents you’ve shared with us — these have not been shared with Evolve Bank & Trust at any point.

Your Wise account is safe

We no longer work with Evolve Bank & Trust, and have already strengthened our security measures. We’ve also started a thorough investigation into this data breach and can confirm that it has not impacted our systems. This means:

• your Wise account credentials, including your password, are safe, and you can use your account as normal
• you can continue to use your USD account details — these are no longer connected to Evolve Bank & Trust
• you can continue to use any Wise cards you may have as they were not impacted by this issue – your card number and PIN are safe

What you should do now

We strongly recommend that you keep an eye on your financial activity outside of Wise, including any accounts you may have linked to Wise.

If you receive any suspicious calls, texts or emails asking about sensitive information, please be extra cautious. Learn how to avoid phishing.

Learn more about our former relationship with Evolve Bank & Trust and the information we shared with them to provide your old USD account details.

Interestingly, many other firms work with Evolve Bank including Affirm, who recently got selected as Apple Pay’s preferred BNPL partner, Bitfinex and more. This is because Evolve Bank & Trust had focused upon being a major provider of  banking-as-a-service (BaaS) to many retail and commercial banks, and payment processors. Therefore, a data breach is a big deal.

How did it happen? According to a statement from Evolve, the data breach was caused by an “employee clicking on a malicious phishing link sent to him in late May”. Weirdly this announcement follows hot on the heels of the collapse of Synapse, a fintech firm that worked with Evolve. As CNBC reports:

Founded in 2014 by a first-time entrepreneur named Sankaet Pathak, Synapse was a player in the “banking-as-a-service” segment and helped customer-facing startups quickly access the rails of the regulated banking industry. It had contracts with 100 fintech companies and 10 million end users, according to an April court filing.

But when it collapsed, more than 100,000 Americans with $265 million in deposits were locked out of their accounts. Oh dear. That’s worrying. The timing is strange however for the data breach at Evolve and the collapse of Synapse. Yahoo summarises the situation pretty well:

The traditional lenders that partnered with Synapse included American Bank, AMG National Trust, and Lineage Bank. The largest was Evolve, which had roughly $1.5 billion in assets at the end of the first quarter … the problems surfaced shortly after Synapse filed for bankruptcy in April when it could not reach an agreement with Evolve on a settlement of funds. Three weeks into the bankruptcy proceedings, Synapse cut off Evolve's access to its technology system. That, in turn, forced Evolve and the other partner banks to freeze customer accounts. Both parties blamed each other as the culprit.

A data breach and fintech collapse collides to bring Evolve into focus ... sounds like a perfect storm.

Postscript: for more on this, I can recommend reading Ron Shevlin's LinkedIn update and this update from Crispy Bull:

The bankruptcy of Synapse Financial Technologies disrupted the fintech sector but also exposed significant compliance failures at Evolve Bank & Trust. This led to a Federal Reserve cease-and-desist order. Synapse, a key intermediary for fintech firms, collapsed under the weight of financial discrepancies and operational disputes, particularly with Evolve Bank. This prompted a regulatory crackdown on Evolve, mandating stringent oversight improvements. The dual crises underscore the urgent need for robust compliance frameworks in fintech partnerships to safeguard consumer interests and financial stability.