A recent data breach has taken place at Evolve Bank, exposing the personal and financial information of Affirm cardholders and potentially other customers. This is another example of the vulnerabilities afflicting some financial institutions.
Evolve Bank & Trust announced that it was hacked and confirmed the stolen data has been posted to the dark web.
Looking at the fall-out and future actions for digital Journal is I Jason Kent, Hacker in Residence at Cequence.
Kent begins by assessing the impact upon the finance sector and what this latest cybersecurity incident signals: “As we keep seeing aggregation attacks impacting more and more organizations its going to be on the consumer to be more and more vigilant.”
This connects with developments in technology, as Kent explains: “Online transactions are a common question I get, but companies like Affirm are making Point-of-Sale (POS) loans possible in physical stores. Think of it like Apple Pay, but instead of your credit card, Affirm is the credit card, cutting out the middleman. Use your Affirm app and that new Lay Z Boy is all but scheduled for delivery. Often Affirm has better terms than a credit card allowing longer pay back periods and flexible payment options.”
This leads to considerations about the limitations of the technology. Here kent considers: “But what happens when someone breaches a platform that interacts with Affirm, perhaps that contains Affirm card holder data, PII and all of the other terrible things we don’t want breached, again.”
Answering this, Kent goes on to state: “Well if you are an Affirm customer, especially if you have dealt with Evolve Bank at all, your data has been breached. This means you should be thinking about two things.”
In terms of the steps, Kent advises: “First, contact Affirm and let them know you don’t want further transactions on your account until all of this is resolved.”
Following this: “Second, monitor your credit. I assume you already have credit monitoring via some other breach but if not, its relatively easy to pull your credit report. If you haven’t gotten your free one this year, go get it.”
Concluding, Kent says: “Third, be vigilant around anything that mentions Affirm or Evolve Bank that asks for you to take action either by clicking a link or having you call a phone number that isn’t the one on the back of your card.”
In terms of summing up, Kent observes: “These breaches happen for many reasons, the impact can come immediately after or it can take a while for the database to filter through the various entities on the black market. Just know this is all compromised and how to make sure you are protected.”
