The recent cyberattack against Evolve Bank & Trust compromised the data of more than 7 million customers, with the bank notifying affected individuals beginning this week.
The breach occurred on Feb. 9 and was discovered on May 29, the filing said. The bank began notifying affected customers on July 8, stating in a letter that the hacking incident “did not impact” their funds stored with Evolve.
“There is no evidence that the threat actors accessed any customer funds, but it appears the threat actors did access and download customer information from Evolve’s databases and a file share during periods in February and May 2024,” the letter reads.
The stolen information likely included customers’ names, Social Security numbers, bank account numbers, and contact information, according to the bank. Personal information of Evolve employees was also likely affected, it said.
According to law firm Schubert Jonckheer & Kolbe LLP, which is investigating potential claims related to the breach, the hacking group claimed it stole “33 terabytes of juicy banking information.” The information was subsequently released by the hackers to the dark web, the law firm said.
“[The hackers] appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link,” the bank stated. Evolve refused to pay the ransom demanded by the hackers, following which the hackers released the stolen data.
Another financial institution that suffered a data breach this year was Financial Business and Consumer Solutions Inc., based in Pennsylvania.
Russian Hackers
The ransomware attack was attributed to a hacking group called LockBit. According to software firm Blackberry, LockBit has links to Russia.LockBit ransomware was first observed on Russian-language cybercrime forums in January 2020, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Since 2020, LockBit has been involved in about 1,700 attacks in the United States, CISA said in a June 2023 advisory. Roughly $91 million in ransom payments have been made to the group.
In February, the U.S. Department of State announced that with the help of international law enforcement partners, it had disrupted the LockBit ransomware group.
However, on June 20, cybersecurity firm NCC Group stated in a post on its website that LockBit had resurfaced with a “staggering surge in activity” in May. The hacking group saw a 665 percent jump in attack volume month over month, the firm stated. The group was found to be responsible for 37 percent of ransomware attacks in the month.
Matt Hull, global head of threat intelligence at NCC Group, said that following the takedown of LockBit in February, there was speculation the group could dissolve.
“Alternatively, the group might be inflating their numbers to conceal the true state of their organization. The coming months will reveal whether LockBit can sustain the attack figures recorded in May.”
Evolve is offering all affected customers 24 months of membership to TransUnion’s credit monitoring and identity theft protection services, as well as “proactive fraud assistance” services provided by Cyberscout, a TransUnion company specializing in fraud assistance and remediation services.
Evolve advised affected individuals to remain vigilant against potential incidents of fraud or identity theft. It recommended regular monitoring of account statements and credit history to identify any unauthorized activity.
Affected customers can contact the bank’s dedicated call center at 866-238-9974.
