An Arkansas-based financial institution is investigating a cybersecurity breach of its customers’ information. Evolve Bank and Trust announced this past week a known cybercriminal organization illegally obtained and released data and personal information of some of its customers and financial technology partners.
According to a news release by Evolve, they claim the issue initially appeared to be a hardware failure, but they subsequently learned it was unauthorized activity. After becoming aware of the unauthorized activity, Evolve engaged cybersecurity specialists to investigate and determined that unauthorized activity may have been the cause. The specialists stopped the attack within days, and claim to have seen no new unauthorized activity since May 31, 2024. Evolve says specialists are investigating what happened and what data was affected, as well as a firm to help them restore their services.
In the release, Evolve says the investigation showed cybercriminal organization LockBit to be behind this ransomware attack. Evolve believes LockBit gained access when an employee inadvertently clicked on a malicious internet link. The statement includes that there is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from Evolve databases and a file share during periods in February and May.
The Evolve data breach surfaced barely two weeks after the U.S. Federal Reserve directed the bank “to bolster its risk management programs around fintech partnerships as well as anti-money laundering laws.” The Federal Reserve warned that Evolve had engaged in “unsafe and unsound banking practices” with financial technology companies.
WebReadyTM Powered by WireReady® NSI