Evolve Bank and Trust has recently come under fire for a data breach involving the theft of 33 terabytes of user data, which they have known about for the past month but only notified end users about last week. The breach has been attributed to the Russia-based ransomware group Lockbit and reportedly includes personal details of Bitfinex users. The incident was linked to an employee clicking on a malicious link, causing some of the bank’s systems to malfunction.
Despite the breach, Evolve claims to have stopped the attack within days and has not seen any further unauthorized activity since May 31. The bank did not pay the ransom demand and reports that Lockbit mistakenly attributed the stolen data to the Federal Reserve. According to Fintech Business Weekly reporter Jason Mikula, Evolve did not notify affected fintechs or end users until the breach became public last week.
The stolen data from Evolve Bank includes personally identifiable information (PII) such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data reportedly comes from 155,586 accounts linked to firms like Bitfinex, Nomad, and Copper. An industry source described the breach as unprecedented in terms of the amount and sensitivity of the data that is now publicly available.
After the breach became known, Mikula received a cease and desist email from Evolve Bank. The reporter clarified that he had no intentions of sharing sensitive PII in his reporting. Additionally, an anonymous source claiming to be an executive affected by the breach requested the leaked files from Mikula as they had not received confirmation from Evolve.
An updated announcement from Evolve Bank on the breach was made today, revealing that there was unauthorized activity in late May which led to the data theft. This information was not disclosed in a previous version of the announcement on June 26. Despite the breach, Evolve Bank assures that the attack has been contained and that they are taking steps to prevent future incidents.
In conclusion, the data breach at Evolve Bank and Trust involving the theft of 33 terabytes of user data has raised concerns about the security of personal and financial information. The incident was linked to the Russia-based ransomware group Lockbit and affected a large number of accounts, including those of Bitfinex users. It is essential for financial institutions to prioritize cybersecurity measures to protect customer data and prevent unauthorized access.