Incident Overview
Evolve Bank & Trust, a prominent U.S.-based banking-as-a-service provider, disclosed a significant data breach where cybercriminals accessed personal information belonging to millions of customers.
Scope of the Breach
In a recent filing with Maine’s attorney general, Evolve confirmed that personal data of approximately 7.6 million individuals, including over 20,000 customers from Maine, was compromised during the cyberattack. The fallout from the incident continues to unfold.
Details of the Compromised Data
Evolve has not specified the exact types of data breached in the filing but previously stated that attackers accessed names, Social Security numbers, bank account details, and contact information of personal banking customers. Additionally, personal data of Evolve employees and information from its financial technology partners, including Affirm and Mercury, were also affected.
Impact on Partners
Affirm acknowledged that some of its customers’ data may have been compromised due to the Evolve breach, while Mercury reported impacts on account numbers, deposit balances, business owner names, and emails.
Further Investigations
Evolve is still investigating the extent of the breach and whether other types of personal information, such as data related to business, trust, and mortgage customers, were affected.
Attribution and Response
The breach, attributed to the Russia-linked LockBit ransomware gang, was identified by Evolve in May following an intrusion detected earlier this year. Despite the ransom demand, Evolve chose not to pay, prompting LockBit to publish the compromised data on a dark web leak site.
Customer Notification
In notifications to affected customers, Evolve disclosed that hackers accessed and downloaded customer information from its databases and file shares between February and May 2024.
FAQ: Frequently Asked Questions
Q: What types of personal data were compromised in the Evolve Bank data breach? A: The breach compromised names, Social Security numbers, bank account details, and contact information of Evolve’s personal banking customers, along with data from its employees and financial technology partners.
Q: Which ransomware gang was responsible for the Evolve Bank data breach? A: The breach was carried out by the Russia-linked LockBit gang, known for ransomware attacks and data exfiltration.
Q: Did Evolve Bank pay the ransom demanded by the hackers? A: No, Evolve Bank did not pay the ransom demand, leading to the publication of compromised data by the attackers on dark web platforms.
This structured approach ensures clarity and adherence to SEO and AdSense guidelines while providing essential information on the Evolve Bank data breach.
