Evolve Bank & Trust's cybersecurity breach perpetrated by the LockBit ransomware group impacts over 7.6 million individuals.
The incident was first detected on May 29, 2024, when Evolve noticed irregularities in its systems. Initially thought to be a hardware malfunction, further investigation revealed it to be a hacking incident. By May 31, 2024, the unauthorized activity was halted. The attackers had gained access to customer data from Evolve's databases and file shares during breaches in February and May 2024.
The compromised data includes:
- Names
- Social Security numbers
- Bank account numbers
- Contact information
Notably, no customer funds were affected by the breach. Upon discovery, Evolve engaged a cybersecurity firm to conduct a thorough investigation and collaborated with law enforcement to bolster its security measures. The bank has implemented several enhancements, including global password resets, reconstruction of critical identity access management components, and deployment of advanced endpoint detection tools.
LockBit's ransomware attack resulted in the leaking of the stolen data after Evolve refused to pay the ransom. This breach has affected multiple entities, including two of Evolve's partners, Affirm and Wise. Affirm, which issues the Affirm Card in collaboration with Evolve, confirmed that while its systems were not directly accessed, the personal information of Affirm Card users might have been compromised. Similarly, Wise, which partnered with Evolve from 2020 to 2023, reported a potential compromise of some customer information, though account credentials and card information remained secure.
Evolve Bank & Trust is a financial services provider based in Memphis, Tennessee. It offers banking and trust services, including Banking-as-a-Service products. The bank plays a pivotal role in the financial sector, hosting accounts and providing mobile banking solutions to various entities. Given the sensitive nature of the data involved, the breach will have a significant impact on Evolve's customers.
To support affected customers, Evolve is offering a complimentary 24-month membership to TransUnion's credit monitoring and identity theft protection services. Customers have been notified electronically starting July 8, 2024, and can enroll in these services by October 31, 2024. Evolve has also set up a dedicated call center to assist customers with questions and concerns regarding the breach.
Defense advice:
- Regularly review bank statements and credit reports for any unauthorized activity.
- Place free fraud alerts with major credit bureaus (Equifax, Experian, TransUnion).
- Utilize the free credit monitoring and identity theft protection services offered by Evolve.
- Immediately report any signs of fraud to financial institutions and law enforcement.
- Be cautious of phishing attempts and follow best practices for online security.
New Kematian Stealer Distributed to Cybercriminals Over GitHub
Leave a Reply