Evolve Bank & Trust suffered a cyberattack in May that led to hackers stealing the personal information of customers and a law firm announcing it was looking into potential claims for the data breach.
People affected by the breach are at risk of identity theft, financial fraud, and other serious privacy violations, it warned. As such, these individuals could be entitled to monetary damages, the firm stated.
The law firm, specialized in class action lawsuits against corporations, said the hacking group claimed “33 terabytes of juicy banking information” was stolen and released to the dark web.
“As a fintech firm, Evolve partnered with numerous other companies, including Affirm, Bilt, Shopify, Mercury, Plaid, and Stripe. If you did business with any of these companies, your private information may have been posted on the Dark Web as part of the Evolve breach,” the firm said.
In a July 3 update, the bank said it is scheduled to send notifications of the data breach to customers beginning Monday. The initial round of notifications is expected to be completed over two weeks.
Evolve claims all affected U.S. customers will receive two years of credit monitoring and identity protection services. International residents will receive dark web monitoring services.
The notifications will offer detailed information about these services, and provide contact details to help customers address issues related to the data breach.
The ransomware attack was attributed to a hacking group called LockBit. “They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link,” the company said. Evolve refused to pay the ransom demanded by the hackers, following which the criminals released the stolen data.
LockBit Threat
LockBit is a ransomware group with links to Russia, according to software firm Blackberry.Even though the FBI has not explicitly called LockBit a Russian-backed group, “an assessment of LockBit’s public communications—which espouse a broadly anti-Western political view—indicates they have Russian origins with global affiliates,” BlackBerry said in a post.
Since 2020, LockBit has been involved in roughly 1,700 attacks in the United States, CISA said in a June 2023 advisory. Roughly $91 million in ransom payments were made to the group.
In 2022, 16 percent of state, local, tribal, and tribunal government ransomware incidents reported to the Multi-State Information Sharing and Analysis Center were identified as coming from LockBit.
“This included ransomware incidents impacting municipal governments, county governments, public higher education and K-12 schools, and emergency services (e.g., law enforcement).”
Private information like names and other personal identifiers as well as driver’s license and non-driver identification card numbers were stolen in this breach. Law firms are investigating claims for this incident.
