- The crypto-friendly bank, Evolve Bank and Trust, recently faced a significant data breach incident.
- The attackers stole 33 terabytes of sensitive customer data but did not compromise customer funds.
- Hackers, identified as the Lockbit ransomware group, targeted the bank, impacting several crypto companies.
Evolve Bank and Trust experiences a severe data breach, compromising sensitive user data across multiple crypto firms.
Evolve Bank’s Data Breach Affects Bitfinex and Other Companies
The ransomware attack, attributed to the Russian group Lockbit, has exposed critical user information linked to Bitfinex and other clients. Data stolen includes names, addresses, social security numbers, tax IDs, birth dates, account balances, and email addresses.
The Scope of the Data Compromised
Over 155,500 accounts associated with crypto-related firms such as Bitfinex, Nomad, and Copper Banking were affected. The breach occurred when a bank employee unintentionally clicked on a harmful link, allowing unauthorized access. Despite the prompt containment of the attack, the sensitive personal information of numerous customers was compromised.
Delay in Notifying Affected Parties
Evolve Bank stated that the attack caused some data encryption within their system, which was mitigated using backups to minimize operational disruption. The bank refused to pay the ransom, noting Lockbit’s incorrect claim of linking the data to the Federal Reserve. However, it became apparent that Evolve delayed informing its fintech partners and customers about the breach until it became public.
Potential Impact on Customers and Partnerships
Several financial technology firms, previously collaborating with Evolve, have issued warnings to their clients about possible data exposure due to the breach. The bank disclosed that customer personal data, including those of its employees, were likely impacted. Jason Mikula from Fintech Business Weekly highlighted the bank’s delay in making this information public.
Conclusion
The Evolve Bank and Trust data breach underscores the vulnerabilities that even crypto-friendly financial institutions face. The compromised information poses significant risks to affected users and their associated companies. Moving forward, stronger cybersecurity measures and timely notifications are critical to mitigate the damage from such breaches.
