Evolve Bank & Trust recently made a shocking revelation that hackers managed to breach their systems and access the data of over 7.6 million individuals. This security incident was first detected in May, and the Arkansas-based bank has been dealing with the aftermath ever since.
The breach came to light after Evolve’s name appeared on the leak site associated with LockBit, a Russian-speaking ransomware-as-a-service operation, at the end of June. Since then, the bank has been transparent about the breach and has been working to address the situation.
According to the official disclosure from Evolve, the initial signs of a malicious breach were detected on May 29, initially attributed to a “hardware failure.” However, further investigation revealed that hackers had actually infiltrated the bank’s systems as far back as February. The company stated that no new unauthorized activity has been identified on their systems since May 31, 2024.
The total number of individuals affected by this breach is a staggering 7,640,112, including both Evolve clients and customers of its banking platform. Evolve Bancorp, the parent company, operates both a traditional bank and open banking services, catering to various fintech companies through banking as a service.
While Evolve did not specify the exact types of data that were compromised in the breach, they have confirmed that names, Social Security numbers, bank account numbers, and contact information were among the stolen information. This breach has had far-reaching consequences, as affected customers of Evolve, including prominent companies like Affirm and Wise, are now notifying their own customers about the breach.
The timing of this incident couldn’t have been worse for Evolve, as just before the breach was disclosed, the Federal Reserve Board had ordered the bank to enhance its anti-money laundering and risk management programs. Interestingly, LockBit initially claimed to have targeted the Federal Reserve itself, based on a stolen document that mentioned the “United States Federal Reserve.” However, it was later clarified that the actual victim was Evolve Bank & Trust.
In the aftermath of this breach, Evolve is working tirelessly to mitigate the damage and enhance its security measures to prevent similar incidents in the future. The financial industry as a whole is closely watching how Evolve handles this situation and reinforces its cybersecurity defenses to protect both their own interests and those of their customers.
Overall, this breach serves as a stark reminder of the constant threat posed by cybercriminals and the critical importance of robust cybersecurity measures in safeguarding sensitive data. As Evolve and other organizations work to recover from such incidents, it underscores the necessity of proactive security measures and swift incident response protocols to minimize the impact of data breaches on individuals and businesses alike.