Evolve Bank & Trust

Yesterday, Evolve Bank & Trust began notifying 7,640,112 people of a data breach following a cybersecurity attack in May 2024. LockBit was recently found to be responsible for the attack after initially claiming it had impacted the US Federal Reserve.

This makes this the fourth-largest ransomware attack on a financial services company based on records affected. 

In its notification, Evolve states that it identified some systems weren’t working properly on May 29. Through its investigation, it found the threat actors downloaded information from February to May but assured customers that the breach did not affect any funds stored with Evolve. Rather, the breach impacted: “Names, Social Security numbers, bank account numbers, and contact information for most of our personal banking customers, as well as customers of our Open Banking partners. We have also learned that personal information relating to our employees was also likely affected.”

While it continues its investigations into what other data was potentially involved, we highly recommend Evolve customers use the free 24-month membership to TransUnion’s credit monitoring and identity theft protection services it is offering. Monitoring accounts for any suspicious activities or unauthorized transactions is also highly recommended, as is being alert for any potential phishing messages purported to be from Evolve or its partners.

Wise USA, Inc. is also issuing notifications to customers following this attack on Evolve. While it no longer partners with Evolve, it advises customers to be on high alert and is also offering complimentary credit monitoring services.

Who is LockBit?

LockBit is one of the most prolific ransomware gangs of recent years after first appearing in 2019. According to our data, LockBit is responsible for 416 confirmed ransomware attacks around the world. These attacks have affected at least 26.2 million records. This latest attack on Evolve is the second-largest by records affected, beaten only by the Managed Care of North America (MCNA) Dental in the US which affected just over 8.9 million records.

As mentioned, LockBit posted this attack on its data leak site, claiming to have breached the US Federal Reserve.

LockBit Federal Reserve Claim

In its claim, it appeared to suggest that the person who contacted them to negotiate a ransom had offered $50,000 in exchange for the data to be deleted. When a ransom wasn’t paid and the data was leaked, it was found that the data belonged to Evolve Bank & Trust.

So far this year, LockBit is behind 50 confirmed attacks with a further 361 unconfirmed claims. LockBit was also responsible for the January 2024 attack on EquiLend and the October 2023 attack on McCamish Infosys Systems LLC which has recently been confirmed to have involved the data of at least 6 million people.

It is believed the group is based in Russia. Often, LockBit will operate a double-extortion model whereby a ransom is demanded to decrypt systems and delete any stolen data.

Ransomware attacks on the finance industry

Due to the sensitive data held by finance companies, this industry is arguably a lucrative target for ransomware gangs. Just this year we have noted 28 ransomware attacks affecting 27,344,879 records. While the number of confirmed attacks does appear to be on a downturn compared to 2023 (we noted 93 in total last year), the number of records impacted has already exceeded 2023’s total of just over 24.7 million. So while fewer attacks may be being carried out, hackers are focusing in on companies with vast troves of sensitive data–like Evolve Bank & Trust.

From 2018 to present, the average ransom on the finance industry stands at just over $4 million.

We have also recorded 146 unconfirmed attacks on the finance industry this year so far.

More about Evolve Bank & Trust

Headquartered in Memphis, Tennessee, Evolve Bank & Trust has been a financial service provider for around 100 years. It offers personal and business banking and lending and also works as a Banking-as-a-Service (BaaS) provider.