Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach

Evolve Bank & Trust has confirmed in a filing with the Maine Attorney General that 7,640,112 individuals were affected in a data breach it experienced in May. 

In its notice of data breach letter, Evolve wrote that it identified systems that were not operating correctly and assumed it to be hardware failure, only to discover the presence of unauthorized activity. 

After initiating incident response processes, Evolve launched an investigation with third-party experts to determine the nature and scope of the breach. The financial services company reports that the threat actors did not access any customer funds; however, they were able to access and download customer information from the company’s database, as well as a file share.

LockBit claimed responsibility for the attack after threatening to release 33TB of data, purportedly from the US Federal Reserve, if a ransom was not paid. Once the group released some of the data, it was discovered that it belonged to Evolve rather than the Fed.

The affected data varies depending on the individual, but it could include names, Social Security numbers, dates of birth, and other account and personal information, according to Evolve's statement on the breach last month.

Wise and Affirm, international money transfer and buy-now-pay-later companies, confirmed last week that each was affected by the Evolve breach, according to SEC filings, even though the former cut ties with Evolve last year.

As it continues to notify individuals, Evolve encourages its users to remain vigilant and to regularly review their account statements and credit histories. It also offers a 24-month membership to TransUnion’s credit monitoring and identity theft protection services for those who've been affected, as well as fraud assistance in the event a user finds themselves a victim of fraud.