Evolve hack impacts 7.6M people, including Wise customers

A hack at the Arkansas-based Evolve Bank & Trust has rippled through several fintech companies. The bank has disclosed that the LockBit attack exposed millions of customers.

Evolve’s breach notification to the Maine Attorney General revealed the true scale of the LockBit attack. According to information provided by the bank, over 7.6 million were impacted by the breach.

In late June, the infamous LockBit ransomware cartel posted Evolve’s data on its dark web blog, claiming that the information was taken from the US Federal Reserve.

Meanwhile, the company said that it noticed that some of its systems were not working properly on May 29th. The bank’s team initially thought the malfunction was a hardware failure. However, further investigation revealed that the issue was caused by “unauthorized activity.”

“Evolve promptly initiated its incident response processes and stopped the attack. No new unauthorized activity on Evolve’s systems has been identified since May 31st, 2024,” the bank said.

Evolve claims there’s no evidence that hackers accessed customer funds. However, attackers managed to access customers’ information from the bank’s database and a file share for the period February through March 2024.

According to Evolve “names, Social Security numbers, bank account numbers, and contact information were affected for most of our personal banking customers, as well as customers of our Open Banking partners. We have also learned that personal information relating to our employees was also likely affected.”

The ripple effect

Interestingly, the same day Evovle’s breach notification was posted, another company, Wise (formerly TransferWise), posted its own breach notification, saying that it was impacted by the Evolve breach.

Since Evolve has been providing banking-as-a-service products, several financial technology (fintech) companies have used it to enter the US market. One such fintech was Wise, which partnered with Evolve from 2020 to 2023.

Launched in 2011, the London-headquartered Wise is used by 16 million people globally.

According to Wise’s breach notification, the attack on Evolve may have exposed some of its customers' personal data. While the company did not reveal what type of data was exposed, it stressed that exposed details do not include “copies of any of the identification documents” that users shared with Wise.

While the fintech said the breach did not impact its systems and assured clients their passwords, account details, and PIN numbers were not exposed, Wise “strongly recommended” users be watchful over financial activity outside of Wise, including any accounts users have linked to Wise.

Another fintech, Mercury, said that its customers have also been impacted by Evolve’s breach. However, the company said its customer account credentials, passwords included, were not impacted in the attack. US fintech Affirm said its customer's information may have also been exposed.

According to Bloomberg reports, days before Evolve’s hack became public, the Federal Reserve and the Arkansas State Bank issued a cease-and-desist order to Evolve and its parent, Evolve Bancorp Inc., over the bank’s shortcomings in overseeing fintech partnerships and anti-money laundering requirements.

The smoldering LockBit

The once-mighty LockBit was caught red-handed, as cybersecurity experts quickly realized it was lying about the data's origins.

However, the cybercriminal gang has been successfully evading law enforcement since its inception in late 2019.

Operating as a ransomware-as-a-service (RaaS) model, the LockBit cartel is said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa.

Still, the gang suffered a major setback this spring when the international Operation Cronos, led by the FBI and Interpol, infiltrated the gang’s network infrastructure, taunting the gang with a seizure notice splashed across the LockBit leak site’s home page.

Yet even after the FBI publicly outed its Russian ringleader LockbitSupp, with his picture and other personal information, including the car he drives, LockBit was business as usual, creating a new leak site and targeting multiple US hospitals within days.

Updated on July 9th [02:20 p.m. GMT] with type's of data that was involved in the breach.


prefix 14 days ago
great article
Leave a Reply

Your email address will not be published. Required fields are markedmarked