Login
Evolve Bank & Trust Data Breach Affects Over 7.6 Million Customers
Bite-Sized Cybersecurity Blog
Blog
July 19, 2024
Evolve Bank & Trust Data Breach Affects Over 7.6 Million Customers

Toward the end of June, the LockBit gang released a statement that their group had broken into the United States Federal Reserve systems and reported the exfiltration of 33 TB of sensitive data, including, as they put it, “Americans’ banking secrets.” This announcement caught a lot of attention because of the implications of such an event. A closer look at the document, however, showed that the leaked data is on Evolve Bank & Trust, an Arkansas-based financial institution. Documents found in a posting to the LockBit group’s Tor leak site on June 26 were verified to be of their provenance. The Federal Reserve was never hit in the first place.

After this breach, Evolve Bank & Trust responded in time by releasing a release over its website. In the same release, the bank confirmed the breach, revealing that they are currently investigating the matter. The bank admitted that some personal information would have been accessed during the incident. Because the bank refused to pay some ransom money to the attackers, it caused the gang to go public with the stolen data.

Evolve Bank & Trust, in an official statement, detailed their informing retail banking customers and customers of financial technology partners of the breach. They underlined working towards setting things straight and, eventually, provided remedies that included further steps individuals could take to secure their information. The bank had given intensive care to how they would manage the aftermath of the incident.

The bank also reported to the relevant authorities, and the breach was successfully contained. In a June 26, 2024 update, the bank indicated that its debit cards for customers were not in any way affected by the breach or the credentials for online and digital banking.

Following the incident, Evolve Bank & Trust started informing more than 7.6 million individuals whose information might be affected by the incident. The data breach notification was filed with the Office of the Maine Attorney General, including 7,640,112 affected individuals. “Since May 31, we have not identified any further new unauthorized activity on our network,” the bank said.

The bank first detected atypical behavior on some of Evolve’s systems on May 29, 2024. What initially looked like hardware failure turned out to be a breach. Evolve responded through its incident response processes and shut down the attack. They then launched an intensive evaluation of the extent to which the hack had gone and the data it affected, in collaboration with a cybersecurity firm. The bank also moved to further fortify its systems to forestall a repeat of such an incident and reported the breach to authorities. Though there was no evidence of the attackers accessing customer funds, it was confirmed that the customer information had been accessed and downloaded.

Related Posts

Bite-Sized Offensive Cybersecurity Newsletter

We value your time and deliver only the most interesting and impactful updates straight to your inbox. No spam. Unsubscribe anytime.

Join over 10,000 people who have already subscribed.

Newsletter