Evolve Bank & Trust, a relatively small financial institution known for its partnerships with fintech startups, has announced a major data leak that could include their customers’ personal identification information, including addresses and social security numbers.
The Arkansas-based bank confirmed on Wednesday that it had fallen victim to a cyberattack resulting in a data breach that potentially affects both its retail customers and the customers of its fintech partners.
According to a statement released by Evolve, the breach involves the theft and release of personal information on the dark web. The bank has assured customers that debit cards, online banking, and digital banking credentials appear to be unaffected.
“It appears these bad actors have released illegally obtained data, including Personal Identification Information (PII), on the dark web. The data varies by individual but may include your name, Social Security Number, date of birth, account information and/or other personal information,” the bank said.
The notorious ransomware group LockBit is believed to be responsible for the attack. LockBit had previously claimed to have hacked the US Federal Reserve, but analysis suggests that the 33 terabytes of data they threatened to release actually originated from Evolve Bank & Trust.
Several of Evolve’s fintech partners, including Affirm, EarnIn, Marqeta, and Mercury, have acknowledged the breach and are investigating its impact on their customers. These companies rely on Evolve for various financial and lending services.
This incident comes on the heels of recent regulatory action against Evolve. On June 14, the Federal Reserve ordered the bank to improve its risk management practices, particularly concerning its fintech partnerships and anti-money laundering protocols.
Evolve has said that it is working with law enforcement authorities to investigate the breach. The bank plans to offer complimentary credit monitoring and identity theft protection services to affected individuals.
Information for this story was found via Bloomberg, and the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
