Evolve Bank Data Breach Exposes Sensitive Information of Over 150,000 Accounts

As an experienced cybersecurity analyst, I find the recent data breach at Evolve Bank and Trust deeply concerning. The theft of 33 terabytes of user data, affecting over 150,000 accounts, is a serious issue that demands immediate attention.


Recently, Evolve Bank and Trust announced a cyberattack resulting in the theft of approximately 33 terabytes of user data. This incident led to the exposure of confidential information connected to more than 150,000 accounts. The attack also uncovered significant weaknesses in their cybersecurity measures.

Disappearance of Customer Deposits

Significant user data, amounting to 33 terabytes, was stolen from Evolve Bank and Trust’s systems in a recent data breach. The institution became aware of this incident a month ago but chose to inform affected customers only last week.

Several banks, among them Evolve, had been allowing Synapse, a fintech company that declared bankruptcy in April, to manage customer accounts on their behalf. It is alleged that approximately $109 million in deposits belonging to Synapse’s customers, including those held by Yotta, have since gone missing.

Ransomware Group Leaks Sensitive Data

The ransomware group Lockbit demanded an unspecified ransom following the attack. The group said that earlier negotiations had not yielded satisfactory results and urged Evolve to appoint a fresh negotiator within the next 48 hours.

I discovered that the group had leaked pilfered information from Evolve Bank and Trust, encompassing parent folders, torrents, and compressed archives. Previously, Lockbit had threatened to disclose data from the Federal Reserve, claiming it held sensitive banking information of Americans.

A press statement issued by the group after the data leak shed light on the Federal Reserve’s regulatory action against Evolve Bank. Following this revelation, it came to light that the bank had entered into a consent agreement in June, as a result of the Federal Reserve’s findings of unsafe and unsound banking practices, primarily related to its fintech collaborations.

Lockbit mistakenly identified the data as belonging to the Federal Reserve, but the Fed neither paid the ransom nor acknowledged any involvement in the matter.

Delayed Notification and Data Content

Although the security incident occurred at Evolve Bank back in late May, the affected fintech companies and end users were informed about it only when the breach was made public last week. On Monday, the bank disclosed that an employee had inadvertently triggered unauthorized access to its systems by clicking on a malicious link. Evolve Bank asserted that it managed to put a stop to the attack within a few days and has not detected any further unauthorized activity since May 31.

The stolen data includes personally identifiable information (PII) such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data is linked to 155,586 accounts associated with firms, including Bitfinex, Nomad, and Copper Banking.

Reporting and Legal Actions

As a crypto investor following the latest news in the fintech industry, I was alarmed to learn about the data breach at Evolve Bank reported by Jason Mikula of Fintech Business Weekly. The delay in notifying those affected raised concerns for me and many others in the community. However, I want to make it clear that I did not intend to share any sensitive personally identifiable information (PII) obtained during my reporting on this matter. Subsequently, I received a cease and desist email from Evolve Bank, confirming their stance on the issue.

A confidential source, who is an executive and has been impacted by the security incident, allegedly requested the compromised documents from Mikula. They hadn’t yet received verification from Evolve regarding the matter.

2024-07-02 17:06