Evolve Bank & Trust recently experienced a data breach that compromised customer information. Over the past several weeks, an investigation has been conducted to understand the extent of the security incident and its impact on Mercury customers.
According to Evolve’s analysis, sensitive information such as social security numbers and identity documents (driver’s licenses and passports) was not exposed. These details are typically shared via unique links that expire after 24 hours or through a secure case management system, both of which remained protected during the breach. Furthermore, Mercury account credentials and passwords were not accessed as Mercury does not share this information with partners.
However, certain types of customer data were exposed. This includes names, phone numbers, addresses, and email addresses for businesses and their beneficial owners. Other compromised information consists of overall account balances, business bank account numbers, business EINs, and transaction details. This transaction information includes the sender and receiver’s addresses, account numbers, and transaction amounts.
The reason Evolve Bank & Trust holds this information is that when Mercury customers open an account, they also open an individual demand deposit account (DDA) with Evolve. This makes them direct clients of the bank, requiring Evolve to have detailed information on its customers.
Despite the breach, there is no evidence of increased fraud against Mercury customers. Nevertheless, customers are advised to take preventive measures to secure their funds. This includes monitoring for suspicious ACH pulls and enabling ACH authorizations to flag unauthorized transactions before they are processed.
Evolve Bank & Trust is committed to resolving the issue and ensuring the security of customer information. Further updates will be provided as the investigation continues.
To delve deeper into this topic, please read the full article on Mercury bank.
