Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesEarnWeb3SquareMore
Trade
Spot
Buy and sell crypto with ease
Margin
Amplify your capital and maximize fund efficiency
Onchain
Going Onchain, without going Onchain!
Convert
Zero fees, no slippage
Explore
Launchhub
Gain the edge early and start winning
Copy
Copy elite trader with one click
Bots
Simple, fast, and reliable AI trading bot
Trade
USDT-M Futures
Futures settled in USDT
USDC-M Futures
Futures settled in USDC
Coin-M Futures
Futures settled in cryptocurrencies
Explore
Futures guide
A beginner-to-advanced journey in futures trading
Futures promotions
Generous rewards await
Overview
A variety of products to grow your assets
Simple Earn
Deposit and withdraw anytime to earn flexible returns with zero risk
On-chain Earn
Earn profits daily without risking principal
Structured Earn
Robust financial innovation to navigate market swings
VIP and Wealth Management
Premium services for smart wealth management
Loans
Flexible borrowing with high fund security
Evolve Bank Data Breach Exposes Sensitive Information of Over 150,000 Accounts

Evolve Bank Data Breach Exposes Sensitive Information of Over 150,000 Accounts

CryptodailyCryptodaily2024/07/02 14:25
By:Amara Khatri

Table of Contents

  • Disappearance of Customer Deposits
  • Ransomware Group Leaks Sensitive Data
  • Delayed Notification and Data Content
  • Reporting and Legal Actions

Evolve Bank and Trust recently disclosed a ransomware attack that resulted in the theft of 33 terabytes of user data, exposed sensitive information linked to over 150,000 accounts, and revealed significant cybersecurity lapses.

Disappearance of Customer Deposits

Evolve Bank and Trust has confirmed a significant data breach that resulted in the theft of 33 terabytes of user data. The bank has been aware of the situation for the past month but only disclosed it to users last week. 

The bank had been facilitating customer accounts for the fintech firm Synapse, which declared bankruptcy in April. Following Synapse's collapse, $109 million in customer deposits held by several banks, including Evolve, for fintech firm Yotta reportedly vanished. 

Ransomware Group Leaks Sensitive Data

The ransomware group Lockbit, responsible for the attack, demanded an undisclosed ransom, stating that initial negotiations had failed and suggesting Evolve hire a new negotiator within 48 hours. 

The group then leaked the stolen data, which included parent directories, torrents, and compressed archive files from Evolve Bank and Trust. Lockbit had previously threatened to release data from the Federal Reserve, alleging it contained Americans' banking secrets.

As part of the data leak, Lockbit released a press statement highlighting the Federal Reserve’s enforcement action against Evolve Bank. The bank had agreed to a cease-and-desist order in June after the Federal Reserve found it engaged in unsafe and unsound banking practices, particularly in its fintech partnerships. 

The bank did not pay the ransom and asserted that Lockbit incorrectly attributed the data to the Federal Reserve.

Delayed Notification and Data Content

Despite these events, Evolve Bank only notified impacted fintechs and end users when the breach became public last week. The bank reported on Monday that its systems experienced unauthorized activity in late May caused by an employee clicking on a malicious link. Evolve claims to have halted the attack within days and has not observed further unauthorized activity since May 31.

The stolen data includes personally identifiable information (PII) such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data is linked to 155,586 accounts associated with firms, including Bitfinex, Nomad, and Copper Banking.

Reporting and Legal Actions

Jason Mikula of Fintech Business Weekly reported on the breach, noting Evolve Bank's delay in notifying those affected. Mikula later received a cease and desist email from Evolve after his reporting, clarifying that he had no intention of sharing sensitive PII.

An anonymous executive affected by the breach reportedly asked Mikula for the leaked files, as they had not received confirmation from Evolve.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice. 

Investment Disclaimer
0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!