This breach, orchestrated by the LockBit ransomware group, not only exposed millions of customer records but also created tremendous confusion and panic by initially claiming it had compromised U.S. Federal Reserve data.
We've captured exactly how this chain of events unfolded with our Evolve Bank Cyber Attack Timeline documents.
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.
In June 2024, Evolve Bank & Trust faced a cyber attack that sent shockwaves across the financial sector. The LockBit ransomware group infiltrated the bank's systems, compromising the personal data of approximately 7.6 million individuals.
The compromised data included a wide array of sensitive information, such as individuals' full names, Social Security numbers, detailed bank account information, and various forms of contact information, including phone numbers and email addresses.
The breach's ramifications also extended to several fintech companies that had partnered with Evolve Bank & Trust. These companies, including well-known names like Affirm, Mercury, and Wise, found themselves embroiled in the incident, which significantly amplified the attack's overall impact. The exposure of data from these fintech partners not only heightened the scale of the breach but also underscored the interconnected vulnerabilities within the financial technology ecosystem, affecting millions of users and raising serious concerns about data security and privacy across the industry.
In a surprising twist, the attackers claimed to have breached the U.S. Federal Reserve, boasting possession of 33 terabytes of sensitive banking data. However, the released information revealed that the breach was actually within Evolve Bank & Trust, not the Federal Reserve. This misunderstanding showcased not only the bold tactics of cybercriminals but also the intricate challenges of attribution in cyber incidents.
