Evolve Bank & Trust confirmed that millions of clients' personal data were compromised in a recent breach.
On Monday, Evolve informed Maine's attorney general that the hack exposed the personal data of at least 7.6 million people, including more than 20,000 Maine customers, per TechCrunch.
Evolve did not identify the categories of data exposed in the filing, but a prior statement on its website indicated that attackers obtained personal banking clients' names, Social Security numbers, bank account numbers, and contact information. The hackers also compromised the personal data of Evolve workers and the clients of its financial technology partners.
LockBit Ransomware Involved in Evolve Data Breach
One of Evolve's partners, Affirm, stated that the hack "may have compromised some data and personal information" of its clients.
TechTimes reported last week that, according to Wise, the Evolve Bank & Trust data breach may have harmed certain clients. It stated that customers who "may have been affected by this data breach directly" will be emailed.
In June, LockBit falsely claimed to have hacked the Federal Reserve. The breach turned out to involve Evolve Bank & Trust data instead.
BleepingComputer reported that Evolve began an inquiry into the incident. It found that a LockBit member seized Evolve's database and file shares after an employee clicked on a malicious link.
Evolve stated that client money was secure, but acknowledged that the attack had affected some fintech customers. Affirm, Wise, and Bilt independently verified that LockBit affected Evolve customers.
Evolve notified the concerned parties that some of its systems were not functioning properly on May 29, 2024. The bank said that it learned that the issue, initially perceived as a "hardware failure," was due to "unauthorized activity."
Exact Scope of The Data Breach Still Unknown
The first breach occurred on February 9, 2024, according to the data breach notification, giving attackers over four months to infiltrate Evolve's network.
Evolve now offers two years of credit monitoring and identity protection for U.S. citizens, as well as dark web monitoring for overseas residents. Recipients must enroll by October 31, 2024.
The sample letter to authorities does not specify the types of data exposed. Evolve advised affected clients to avoid unsolicited messages, watch account statements and credit histories, and report unusual behavior to authorities.
Evolve collaborates with Shopify, Plaid, Stripe, and Mercury. These firms have not confirmed LockBit ransomware exposure. After a threat actor tried to sell 180,000 Shopify users' data, the company denied a data breach, as per the report.
The shared data contains full names, email addresses, phone numbers, order details, and Shopify account details. Evolve said it would contact affected customers.
Financial company Mercury claimed on social networking site X that Evolve's security breach included client account and deposit balance data. Mercury advised worried clients about data protection.
Evolve Bank stated in a blog that it will not pay hackers ransom. The bank changed global passwords, rebuilt Active Directory, and strengthened its firewalls after the data intrusion.
On X, Evolve Bank & Trust advised clients to stay updated on the data breach developments.