What organization confirmed a data breach executed by the LockBit ransomware gang?

Evolve Bank & Trust, an Arkansas-based financial institution, confirmed a data breach executed by the LockBit ransomware gang.

What types of personal information were exposed in the Evolve Bank & Trust data breach?

The exposed personal identification information (PII) includes full names, Social Security numbers, dates of birth, account numbers, email addresses, mailing addresses, and phone numbers.

Have any details been disclosed about the number of affected individuals in the Evolve Bank & Trust data breach?

No details have been disclosed about the number of affected individuals.

Is the investigation into the Evolve Bank & Trust data breach ongoing?

Yes, the investigation is ongoing in collaboration with law enforcement agencies, and the bank is confident that the breach has been contained with no ongoing threat.

Incident

Evolve Bank confirms data breach by LockBit ransomware gang

Q: Were Evolve Bank & Trust's retail banking customers' debit cards, online banking, and digital banking credentials compromised?

No, Evolve Bank & Trust's retail banking customers' debit cards, online banking, and digital banking credentials were not compromised.

Q: What measures is Evolve Bank & Trust offering to affected customers?

Evolve Bank & Trust is offering affected customers complimentary credit monitoring services and new account numbers where necessary.

published: June 26, 2024

Learn More

Evolve Bank & Trust, an Arkansas-based financial institution, has confirmed a data breach executed by the LockBit ransomware gang.

Evolve Bank has stated that the investigation into the incident is ongoing, in collaboration with law enforcement agencies, and they are confident that the breach has been contained with no ongoing threat.

The hackers exfiltrated and published customer data on the dark web. This breach involves the exposure of sensitive personal identification information (PII), which includes:

Full names
Social Security numbers
Dates of birth
Account numbers
Email addresses
Mailing addresses
Phone numbers

No details are disclosed about the number of affected individuals. Apparently Evolve's retail banking customers’ debit cards, online banking, and digital banking credentials have not been compromised.

The bank is offering affected customers complimentary credit monitoring services and new account numbers where necessary.

Update - On June 26, LockBit did publish links to 33 Tb of data under a ‘federalreserve.gov’ post on its website, but an analysis showed that the information likely comes from Evolve Bank & Trust.

On 1st of June 2024, Evolve disclosed further details the attack. They confirmed that the attack was initiated after an employee clicked on a malicious link, allowing the cybercriminals to gain access to Evolve's systems.

The cybercriminals accessed and leaked:

Names
Social Security numbers
Bank account numbers
Contact information

The attack affected most of Evolve’s personal banking customers, customers of Evolve's Open Banking partners and likely compromised personal information of Evolve employees. They attackers deployed file-encrypting ransomware on Evolve systems.

As of 2nd July 2024, Evolve reports that the stolen data is linked to 155,586 accounts of firms, including Bitfinex, Nomad, and Copper Banking.

As of 8th of July 2024, Evolve confirmed that the data of over 7.6 million users was exposed during the ransomware attack. Evolve is offering affected customers two years of identity and credit monitoring services.

Evolve Bank confirms data breach by LockBit ransomware gang

Read More
Dairy Farmers of America reports ransomware attack exposing …
BlackSuit Ransomware gang attacks Monroe County
Academy Mortgage attacked by ransomware group
Freehold Township school district shuts down after cyberattack
Western Isles Council in Scotland reports ransomware attack