Evolve Bank & Trust was breached in a cyberattack in May during which hackers stole the personal information of customers, and a law firm says it’s looking into potential claims for the data breach.
People affected by the breach are at risk of identity theft, financial fraud, and other serious privacy violations, the firm warned. As such, these individuals could be entitled to monetary damages, it stated.
The law firm, which specializes in class action lawsuits against corporations, said the hacking group claimed that “33 terabytes of juicy banking information” was stolen and released to the dark web.
“As a fintech firm, Evolve partnered with numerous other companies, including Affirm, Bilt, Shopify, Mercury, Plaid, and Stripe,“ the firm stated. ”If you did business with any of these companies, your private information may have been posted on the Dark Web as part of the Evolve breach.”
In a July 3 update, the bank said it’s scheduled to send notifications of the data breach to customers beginning on July 8. The initial round of notifications is expected to be completed over two weeks.
Evolve claims that all affected U.S. customers will receive two years of credit monitoring and identity protection services. International residents will receive dark web monitoring services.
The notifications will offer detailed information about these services and provide contact details to help customers address issues related to the data breach.
The ransomware attack was attributed to a hacking group called LockBit.
“They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link,” the company stated. Evolve refused to pay the ransom demanded by the hackers, following which the criminals released the stolen data.
LockBit Threat
LockBit is a ransomware group with links to Russia, according to software firm Blackberry.While the FBI hasn’t explicitly called LockBit a Russian-backed group, “an assessment of LockBit’s public communications—which espouse a broadly anti-Western political view—indicates they have Russian origins with global affiliates,” BlackBerry said in a post.
Since 2020, LockBit has been involved in roughly 1,700 attacks in the United States, CISA said in a June 2023 advisory. Roughly $91 million in ransom payments have been made to the group.
In 2022, 16 percent of state, local, tribal, and tribunal government ransomware incidents reported to the Multi-State Information Sharing and Analysis Center were identified as coming from LockBit.
Private information such as names, other personal identifiers, and driver’s license and non-driver identification card numbers were stolen in this breach. Law firms are investigating claims for this incident.
