In late June 2024, the LockBit cybercriminal group claimed to have breached a government agency and said it planned to release the stolen data. It was later revealed that the group had actually breached Evolve Bank & Trust.
At the end of June, there were claims that the LockBit cybercriminal group had breached a government agency and planned to release data exfiltrated from that breach. However, those claims turned out to be entirely untrue. Instead, LockBit did release data from another breach: Evolve Bank & Trust.
According to a statement from the Memphis-based bank obtained from DarkReading, the attack occurred in late May when an Evolve employee clicked on a malicious phishing link. Although the attackers didn’t access any customers’ money, they were able to download customer information from databases and a file share. Some data was encrypted, but thanks to backups, the company “experienced limited data loss and impact on our operations.” Evolve has sanitized its environment, but the full impact of the released data is still being assessed.
London-based FinTech company “Wise” also released a statement: “Evolve Bank & Trust is a regulated bank that we worked with from 2020 until 2023 to provide USD account details. They’ve recently been affected by a data breach, and some Wise customers’ personal information may have been involved. We’ll be emailing all Wise customers who we think may have been affected by this data breach directly.”
In addition to Wise, Affirm—a large buy-now-pay-later platform—reported in their 8-K filing with the SEC: “On June 25, 2024, Evolve Bank & Trust (‘Evolve’), the third-party issuer of the Affirm Card, notified the Company that Evolve had experienced a cybersecurity incident whereby a third party gained unauthorized access to personal information and financial information (‘Personal Information’) of Evolve retail banking customers and the customers of its financial technology partners. Because the Company shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the Personal Information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident. However, the Company’s information systems were not compromised, nor was the ability for Affirm Card holders to continue using their Affirm Card. This incident has not impacted any other part of the Company’s business or operations.”
Evolve apparently has partnerships with other large and notable businesses in the financial services industry. Many of these partners are investigating the incident and assessing the impact. As of now, Wise and Affirm seem to be the most visible partners affected.
The silver lining, if there is one, is that impacted partners appear to have suffered only data loss and not additional occurrences of ransomware. Nevertheless, the information obtained from the release of Evolve’s data will likely be leveraged by other bad actors in their own social engineering and phishing campaigns, the same kind of attack that led to this situation in the first place.
As the days go by, more of Evolve’s partners may come forward to notify customers of the impact. If you or any providers you use have been partnered with Evolve, exercise extra caution with suspicious texts, emails, phone calls, etc. If in doubt, never provide personal or sensitive information to a caller. Most companies rarely call to ask for login credentials, passwords, banking information, or authorization to move funds. If you receive a suspicious or unexpected call, find the correct number for that organization and call them directly.
References:
hxxps://www[.]darkreading[.]com/cyberattacks-data-breaches/fintech-frenzy-affirm-and-others-emerge-as-victims-in-evolve-breach
hxxps://wise[.]com/help/articles/1Tyvn34K9tp08aZ0y0Hqe0/data-breach-at-evolve-bank-trust-in-the-us
hxxps://www.sec[.]gov/Archives/edgar/data/1820953/000182095324000027/afrm-20240625.htm