Evolve Bank & Trust Data Breach Exposes Sensitive Information of Over 7 Million Customers

• The financial landscape was shaken recently by a substantial data breach impacting over seven million individuals.
• This breach was facilitated by the notorious hacking group LockBit, targeting a significant number of financial institutions through Evolve Bank & Trust.
• Among those affected, major firms like Affirm, Wise, Bilt, Marqeta, Mercury, and EarnIn have reported compromised customer data, prompting immediate investigations and responses.

Over 7 Million Customers Affected by Major Data Breach at Evolve Bank & Trust

Details of the Hack and Its Immediate Impact

The extent of the breach, as reported by the Office of the Maine Attorney General, discloses that sensitive information of 7,640,112 customers at Evolve Bank & Trust has been leaked onto the dark web. The breach compromised a wide range of personal data including names, Social Security numbers, bank account information, addresses, phone numbers, and email addresses.

Specifics on the Methodology and Spread

The cyber attack, executed by the Russian-affiliated group LockBit, has reached several associated financial institutions via a vulnerable employee who inadvertently clicked a malicious link in May. This not only granted cybercriminals access to Evolve Bank & Trust’s systems but also compromised the data of their partners’ customers, escalating the breach’s ramifications.

Consequences for Affected Financial Institutions

Among the impacted organizations, Affirm, with a customer base of 18 million, noted that the breach affected users of its Affirm Card. Other financial entities such as Wise, Bilt, Marqeta, Mercury, and EarnIn have confirmed data breaches in varying capacities, triggering immediate corporate responses and customer alerts.

Post-Breach Responses and Legal Actions

In reaction to the breach, Evolve Bank & Trust has advised customers to vigilantly monitor their accounts for any anomalous activity and is providing a two-year credit and identity monitoring service to those affected. Furthermore, multiple class-action lawsuits have been initiated on behalf of the victims whose data may have been exposed, aiming to address the legal and financial repercussions of this significant security lapse.

Conclusion

This incident underscores the pervasive threat posed by cybercriminals and the critical importance of robust digital security measures across the financial sector. Institutions and their customers must stay vigilant and proactive in safeguarding sensitive information. The fallout from this breach will continue to evolve, and affected parties should prepare for potential long-term impacts and necessary remedial measures.