Affirm card users' personal information possibly compromised in Evolve Bank cyber attack

FILE PHOTO: Illustration shows words "Cyber Security\

(Reuters) - U.S. financial technology firm Affirm Holdings said on Monday that it believes that the personal information of Affirm card users was compromised as part of Arkansas-based Evolve Bank and Trust's cybersecurity incident.

Evolve Bank is a third-party issuer of Affirm card and last week was a victim of a cybersecurity incident that involved customers' data being illegally released on the dark web.

However, Affirm - which shares the personal information of its card users with Evolve to facilitate the issuance and servicing of the cards - confirmed that the company's systems were not compromised and Affirm card holders can continue using their cards.

A spokesperson for the Arkansas-based lender said at that time that they have engaged appropriate law enforcement agencies to aid in their investigation and response efforts.

Affirm also said that upon being notified of the Evolve cybersecurity incident, the company immediately began an investigation independent of Evolve's investigation to determine whether any personal information of Affirm card users were compromised.

This investigation, along with remediation efforts, is ongoing as of July 1, Affirm added.

(Reporting by Pritam Biswas in Bengaluru; Editing by Alan Barona)