Evolve Bank & Trust Hacked by LockBit: Massive Data Breach Affects Millions, Including Affirm Customers

• A major security breach has been reported, involving a well-known US bank compromised by cybercriminals.
• The cyberattack extends to several fintech firms linked to the bank, compounding the severity of the incident.
• The affected institutions are currently assessing the impact and investigating the extent of the data breach.

An alarming ransomware attack has compromised sensitive data from a major US bank, affecting millions of customers across multiple financial entities.

Details of the Ransomware Attack on Evolve Bank & Trust

In a significant security incident, Evolve Bank & Trust, based in Tennessee, fell victim to a sophisticated ransomware attack attributed to the Russian-linked group LockBit. Confidential customer information, including names, Social Security numbers, bank account details, and contact information, was illicitly accessed. The breach has raised widespread concerns about data security within the banking sector.

Impact on Partnered Fintech Companies

The ripple effect of this breach has been substantial, affecting numerous fintech companies associated with Evolve Bank & Trust. Companies such as Affirm, Wise, Bilt, Marqeta, Mercury, and EarnIn have each issued statements confirming the compromise of customer data. Affirm, notably, has over 18 million customers, many of whom are now at risk due to the compromised information linked to its Affirm Card.

Regulatory and Compliance Implications

The hacking incident coincides with existing regulatory pressures faced by Evolve Bank & Trust. Regulatory bodies, including the Federal Reserve and the Arkansas State Bank Department, have issued a cease-and-desist order to Evolve due to inadequacies in their risk management and compliance protocols, particularly those relating to anti-money laundering measures. This dual scrutiny intensifies the urgency for the bank to shore up its cybersecurity and compliance frameworks.

Investigations and Future Measures

In the wake of the breach, thorough investigations are underway to gauge the full impact. Affected fintech firms are actively collaborating with cybersecurity experts to fortify their defenses and prevent future occurrences. The consumer rights law firm Schubert Jonckheer & Kolbe has highlighted the extensive scale of the breach, affecting millions of customers across various financial platforms. Moving forward, a robust emphasis on enhanced cyber protection and risk management is imperative.

Conclusion

This significant security breach underscores the pervasive vulnerabilities within the financial sector. The incident involving Evolve Bank & Trust and its associated fintech partners serves as a stark reminder of the critical importance of stringent cybersecurity measures and regulatory compliance. As the investigations continue and affected firms bolster their defenses, the financial industry must prioritize security and customer data protection to avert similar breaches in the future.