Create your very own Auto Publish News/Blog Site and Earn Passive Income in Just 4 Easy Steps
- Evolve Bank & Trust was reportedly the victim of a ransomware attack and data theft by the hacker group LockBit.
- LockBit claims to have released 33 terabytes of data, including sensitive personal information.
- The bank is investigating the breach together with law enforcement and government authorities.
Evolve Bank & Trust has reportedly fallen victim to a ransomware attack and subsequent data theft orchestrated by the hacker group LockBit. The attack has raised significant concerns about the security of sensitive financial data.
According to reporting by Jason Mikula in Fintech Business Weekly, the leak consists of plain text files containing the following information: PII of account holders, including name, address, email, phone number, unencrypted SSN/TIN, date of birth, fintech platform, account information, status, type, account balance, last activity, open date, account number, daily limits.
Evolve was already struggling with the fallout from the Synapse banking-as-a-service debacle, which left thousands of fintech customers of apps like Yotta frozen with Evolve.
Bank response and investigation
When reports of the data theft emerged on June 25, Evolve Bank & Trust sent an email to customers of its Open Banking Division confirming the situation. The email said the bank was working with law enforcement and government agencies to investigate the data theft.
An Evolve spokesperson told The College Investor on June 26:
Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization. It appears that these actors have been publishing illegally obtained data on the dark web. We are taking this matter extremely seriously and are working diligently to resolve the situation. Evolve has engaged the appropriate law enforcement authorities to assist us with our investigation and response efforts. This incident has been contained and there is no ongoing threat.
In response to this event, we are offering free credit monitoring with identity theft protection to all affected customers (end users). Those affected will be contacted directly and given instructions on how to enroll in these protections. In addition, affected customers will be provided with new account numbers if needed.
Updates and additional information will be posted on our website as they become available.
Regulatory control
The incident comes at a particularly difficult time for Evolve Bank, which was recently hit with a enforcement action by its primary regulator, the Federal Reserve Board.
The enforcement action addressed deficiencies in the bank's IT practices and required the development of a plan to address those issues. This regulatory pressure underscores the urgent need for robust cybersecurity procedures.
Evolve Bank is well known in the FinTech community for its partnerships with numerous high-profile companies, including Mercury, Stripe, Affirm, Alloy, Branch, Dave, EarnIn, Prizepool, Step, and TabaPay. The breach raises concerns about the potential impact on these FinTech partners and their customers, especially in light of the Federal Reserve's actions regarding the way Evolve can interact with its FinTech partners.
looking ahead
The Evolve Bank & Trust breach continues to be an evolving issue.
The impact will have significant consequences for the bank, its customers and the wider FinTech community.
Again, it's important for consumers to know whether they're banking with a banking-as-a-service company or directly with an FDIC-insured depository institution (or an NCUA-covered institution if you use a credit union). Your level of protection may vary depending on the services you use.
Don’t miss these other stories:
How to switch banks step by step FinTech crisis leaves millions of Americans unable to access their money The 10 best free checking accounts in 2024
Create your very own Auto Publish News/Blog Site and Earn Passive Income in Just 4 Easy Steps
