Evolve Bank caught up in latest Russia-linked cyberattacks

Hooded hacker with code background security concept.
Editorial credit: ozrimoz / Shutterstock.com

Evolve Bank & Trust has notified retail bank customers and financial technology partners’ end users of a cybersecurity incident potentially affecting personal information.

Evolve Bank’s announcement comes days after the Russia-linked LockBit ransomware gang claimed to have hacked the US Federal Reserve. The bank has confirmed that the gang has leaked stolen customer data from Evolve Bank & Trust on the dark web.

In a statement, the bank has emphasised that it takes this matter very seriously and is working diligently to address the situation. The bank has also enlisted the help of law enforcement authorities to assist in its investigation and response efforts.

Providing an update, Evolve has stated that it believes the cybersecurity incident has not impacted Evolve retail banking customers’ debit cards, online banking, or digital banking credentials. These credentials are reported to remain secure and unaffected by the incident.

However, the bank has cautioned customers that the cybercriminals have released illegally obtained data, which includes Personal Identification Information (PII), on the dark web. The specific data compromised varies by individual, but may include names, Social Security Numbers, dates of birth, account information, and/or other personal details.

LockBit released a cache of files across 21 separate links on the dark web after Evolve Bank failed to meet its ransom demands. Just hours earlier, the gang had claimed to have stolen 33 terabytes of “juicy banking information containing Americans’ banking secrets” from the Federal Reserve.

The group did not post the data or provide proof, but issued a statement threatening the Federal Reserve, which read: “You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”

Evolve has urged impacted customers to watch for notifications. Retail bank customers will receive emails, while financial technology partners and banking app users (end users) will be contacted directly by their providers. These messages will include instructions for enrolling in complimentary credit monitoring and identity theft detection services.

Despite these efforts to resolve the attack, Evolve recently received an order from regulators to enhance its risk management practices and obtain approval before engaging in any new partnerships.

Cyberattacks and fraud are becoming more prevalent in the payments landscape of late and the emergence of new technology such as artificial intelligence (AI) are being used to prevent attacks, but also start them. 

Talking on this issue, Payment Expert sat down with Logan Porter, Director of Solution Engineering at SEON, during Money 20/20 Europe last week to get an insider’s perspective