Evolve Bank Data Breach Exposes Sensitive Information of Over 150,000 Accounts

Evolve Bank and Trust recently disclosed a ransomware attack that resulted in the theft of 33 terabytes of user data, exposed sensitive information linked to over 150,000 accounts, and revealed significant cybersecurity lapses.

Disappearance of Customer Deposits

Evolve Bank and Trust has confirmed a significant data breach that resulted in the theft of 33 terabytes of user data. The bank has been aware of the situation for the past month but only disclosed it to users last week. 

The bank had been facilitating customer accounts for the fintech firm Synapse, which declared bankruptcy in April. Following Synapse's collapse, $109 million in customer deposits held by several banks, including Evolve, for fintech firm Yotta reportedly vanished. 

Ransomware Group Leaks Sensitive Data

The ransomware group Lockbit, responsible for the attack, demanded an undisclosed ransom, stating that initial negotiations had failed and suggesting Evolve hire a new negotiator within 48 hours. 

The group then leaked the stolen data, which included parent directories, torrents, and compressed archive files from Evolve Bank and Trust. Lockbit had previously threatened to release data from the Federal Reserve, alleging it contained Americans' banking secrets.

As part of the data leak, Lockbit released a press statement highlighting the Federal Reserve’s enforcement action against Evolve Bank. The bank had agreed to a cease-and-desist order in June after the Federal Reserve found it engaged in unsafe and unsound banking practices, particularly in its fintech partnerships. 

The bank did not pay the ransom and asserted that Lockbit incorrectly attributed the data to the Federal Reserve.

Delayed Notification and Data Content

Despite these events, Evolve Bank only notified impacted fintechs and end users when the breach became public last week. The bank reported on Monday that its systems experienced unauthorized activity in late May caused by an employee clicking on a malicious link. Evolve claims to have halted the attack within days and has not observed further unauthorized activity since May 31.

The stolen data includes personally identifiable information (PII) such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data is linked to 155,586 accounts associated with firms, including Bitfinex, Nomad, and Copper Banking.

Reporting and Legal Actions

Jason Mikula of Fintech Business Weekly reported on the breach, noting Evolve Bank's delay in notifying those affected. Mikula later received a cease and desist email from Evolve after his reporting, clarifying that he had no intention of sharing sensitive PII.

An anonymous executive affected by the breach reportedly asked Mikula for the leaked files, as they had not received confirmation from Evolve.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.