Ransomware attacks in the U.S. are on the rise, with one report showing that they increased by 68% in 2023 alone. These attacks have become more frequent and sophisticated, with cybercriminals deploying advanced tactics and demanding higher ransoms. This troubling trend has affected numerous organizations, with Evolve Bank & Trust being the latest victim.
This severe ransomware attack exposed the personal data of millions of customers. The breach, carried out by the notorious LockBit gang, compromised sensitive information, affecting the bank’s direct customers and financial technology partners.
The ramifications are far-reaching, putting countless individuals at risk of identity theft and financial fraud. Below, we dive into the details of the Evolve Bank data breach and how this ransomware attack has compromised the personal information of millions.
How the Breach Happened
In late May 2024, Evolve Bank & Trust detected unusual activity within its systems, initially mistaking it for a hardware failure. Upon further investigation, cybersecurity specialists determined that the bank had fallen victim to a ransomware attack orchestrated by the Russia-linked LockBit gang. The attack had occurred earlier, in February 2024, and the intruders had maintained access until the breach was discovered in May.
The attackers gained entry when an employee inadvertently clicked on a malicious link, allowing the cybercriminals to infiltrate Evolve’s network. Once inside, the hackers accessed and downloaded customer information from the bank’s databases and file shares.
They also encrypted some of the bank’s data, though Evolve had backups that limited data loss and operational impact. Evolve’s refusal to pay the ransom led LockBit to publish the stolen data on a dark web leak site.
Scope of the Data Compromise
The ransomware attack on Evolve Bank & Trust resulted in a significant data breach, exposing the personal information of at least 7.6 million individuals. This includes over 20,000 customers based in Maine. The compromised data spans a wide range of sensitive information. According to Evolve’s statement, the attackers accessed the names, Social Security numbers, bank account numbers, and contact details of Evolve’s personal banking customers.
The breach also affected the personal data of Evolve employees and customers of its financial technology partners. Notable partners impacted include Affirm, which reported potential compromises of customer data and personal information, and Mercury, which disclosed that account numbers, deposit balances, business owner names, and emails were exposed.
Money transfer organization Wise also confirmed that some of its customers’ personal information might have been involved. Evolve Bank stated that they are still investigating whether more personal information was affected, including details related to their business, trust, and mortgage customers.
Evolve’s Response and Mitigation Efforts
Upon discovering the breach in late May 2024, Evolve Bank & Trust acted swiftly to contain the situation and mitigate further damage. The bank immediately initiated its incident response protocols and stopped the unauthorized activity by May 31, 2024. It also engaged cybersecurity specialists to investigate the breach, identify the extent of the data compromised, and restore affected services.
Evolve took several critical steps to enhance its security measures. They reset passwords globally and reconstructed critical identity access management components, including Active Directory. The bank also fortified its firewall and dynamic security appliances to prevent further unauthorized access.
They also deployed endpoint detection and response tools to strengthen the network’s defenses. Evolve says that it’s continuing to strengthen its security measures by updating its response protocols, policies, and procedures.
Potential Impacts of the Breach
The ransomware attack on Evolve Bank & Trust has significant implications for the privacy and security of millions of individuals. The exposed data includes sensitive information such as names, Social Security numbers, bank account numbers, and contact information. This breach leaves affected individuals vulnerable to identity theft and financial fraud.
The exposure of such critical data can lead to unauthorized transactions, the opening of fraudulent accounts, and other forms of financial exploitation. Victims may face long-term challenges in securing their personal information and recovering from any financial losses incurred due to the breach. Evolve recognizes that the customers’ privacy is at stake and has advised affected individuals to monitor their accounts and credit reports closely and report any suspicious activity.
The compromised data impacts not only Evolve’s customers but also the clients of its financial technology partners like Affirm, Mercury, and Wise. This widespread exposure can erode trust in digital banking and financial technology services, causing customers to be more cautious about sharing their information online.
For Evolve Bank, the breach can result in reputational damage, legal consequences, and potential regulatory scrutiny. The bank may face lawsuits from affected individuals and penalties from regulatory bodies.
Industry-Wide Implications
The ransomware attack on Evolve Bank & Trust is a wake-up call for the entire financial industry. It highlights the growing threat of cyberattacks and the urgent need for stronger cybersecurity measures. Financial institutions are increasingly becoming prime targets for cybercriminals due to the valuable data they hold.
This breach emphasizes the necessity for comprehensive security protocols. Banks and financial services must invest in advanced cybersecurity technologies, regular security audits, and continuous employee training to recognize and avoid phishing attempts.
Furthermore, the breach highlights the importance of collaboration between financial institutions, cybersecurity firms, and regulatory bodies. Sharing threat intelligence and best practices can enhance the overall security posture of the industry. Regulatory bodies may also consider imposing stricter guidelines and penalties to ensure financial institutions adhere to robust cybersecurity standards.
Stay on Top of Increasing Cyberattacks With TeraDact
The ransomware attack on Evolve Bank & Trust emphasizes the relentless threat cybercriminals pose. While Evolve has taken significant steps to address the breach and enhance its security infrastructure, the incident serves as a cautionary tale for the entire financial industry. Ensuring the protection of customer data requires continuous vigilance, advanced technological safeguards, and a proactive approach to cybersecurity.
To bolster the security of your financial institution, consider embracing TeraDact’s suite of data protection and security products. TeraDact will integrate with your databases, data lakes, REST APIs, and cloud data sources while offering customizable interfaces that enhance your privacy and data protection effectiveness. Its interactive intelligence responds to your risk profile, ensuring comprehensive security.
Try for free to see how it can ensure your financial institution stays resilient against cyber threats.