Evolve Bank & Trust Data Breach: 3.2 Million Affected
Evolve Bank & Trust: Millions of Clients’ Personal Data Compromised in Major Breach
In a world where digital security is paramount, the recent data breach at Evolve Bank & Trust has sent shockwaves through the financial community. On Monday, Evolve notified the Attorney General of Maine that a cyberattack had exposed the personal data of at least 3.2 million people, including more than 10,000 Maine customers, according to a report by TechCrunch.
The Nature of the Compromise
While Evolve did not specify the exact categories of data compromised in their official filing, a prior statement on their website revealed that the attackers gained access to personal banking clients’ names, Social Security numbers, bank account numbers, and contact information. The breach also compromised the data of Evolve employees and clients of their financial technology partners.
The Role of LockBit Ransomware
LockBit, a notorious ransomware group, has been identified as the perpetrator behind this data breach. One of Evolve’s partners, Affirm, acknowledged that the hack might have compromised some data and personal information of its clients. TechTimes reported last week that Wise, another partner, stated that the breach might have harmed certain clients and would be notifying affected customers via email.
In June, LockBit falsely claimed a Federal Reserve hack, which, upon investigation, turned out to involve Evolve Bank & Trust data. According to BleepingComputer, Evolve’s inquiry into the incident revealed that a LockBit member gained access to the bank’s database and file shares after an employee clicked on a malicious link.
Response to the Breach
Evolve Bank & Trust gave assurances that client funds remained secure, although the attack had impacted some fintech customers, including Affirm, Wise, and Bilt. The bank informed the affected parties on May 17, 2023, that some systems were not functioning correctly due to unauthorized activity that was initially perceived as a hardware failure.
The first breach occurred on February 7, 2023, giving attackers over four months to infiltrate Evolve’s network. In an effort to mitigate the damage, Evolve now offers two years of credit monitoring and identity protection for U.S. citizens, and dark web monitoring for international clients. Affected individuals must enroll in these services by October 20, 2023. Evolve advised clients to be cautious of unsolicited messages, monitor account statements and credit histories, and report any unusual activity to authorities.
Impact on Partners and Clients
Evolve collaborates with several notable firms such as Shopify, Plaid, Stripe, and Mercury. While these companies have not confirmed exposure to the LockBit ransomware, a threat actor attempted to sell data of 10,000 Shopify users, an incident the company denied was a data breach. The shared data included full names, email addresses, phone numbers, order details, and Shopify account information.
Mercury, another financial company, disclosed on the social networking site X that the breach included client account and deposit balance data, and advised clients on data protection measures.
Steps Taken by Evolve Bank & Trust
Evolve Bank & Trust has taken decisive actions following the breach. The bank has publicly stated that it will not pay any ransom to the hackers. Post-intrusion, the bank changed all global passwords, rebuilt Active Directory, and implemented stronger firewalls to prevent future attacks. They continue to advise clients to stay updated on the developments of the data breach through their official channels.
Moving Forward
The Evolve Bank & Trust data breach serves as a stark reminder of the vulnerabilities inherent in our interconnected world. As companies like Evolve strengthen their defenses and offer support to affected clients, this incident underscores the importance of vigilance, robust cybersecurity measures, and transparent communication in safeguarding personal data.