Evolve Bank’s LockBit breach panics multiple fintechs

2 Jul 2024

Image: © Africa Studio/Stock.adobe.com

Evolve said there is evidence that LockBit downloaded customer information from its databases, causing concerns for fintechs that have worked with the bank.

Evolve Bank & Trust has been hit by a cyberattack and the impact may have spread to the customers of multiple fintech firms.

The US-headquartered bank revealed that its systems were breached due to a ransomware attack by the notorious cybercrime group LockBit. This attack happened when an employee inadvertently clicked a malicious internet link, according to Evolve.

The bank claims there is no evidence that the criminals accessed customer funds, but there is evidence that the attackers downloaded customer information from Evolve’s databases.

“The threat actor also encrypted some data within our environment,” the bank said. “However, we have backups available and experienced limited data loss and impact on our operations.

“We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded.”

Since this incident, multiple fintechs that have worked with Evolve have issued warnings to their customers, as their data may have been connected to the breach.

On 28 June, fintech company Wise said it has emailed customers that it thinks may have been directly affected by the data breach. The fintech said it worked with the bank between 2020 and 2023.

“For Evolve Bank & Trust to provide USD account details to Wise customers, they were required to hold identifying information,” Wise said. “Evolve has not yet confirmed to us what data has been impacted.”

Wise said the information it shared with Evolve included customer names, addresses, date of birth, contact details and identity document numbers.

Meanwhile, Affirm – the buy-now-pay-later fintech – confirmed that it is a partner with Evolve and that the LockBit attack may have compromised some data and personal information of Affirm customers that Evolve had on record. Only customers with an Affirm card are at risk.

The latest ransomware attack shows the resiliency of gangs like LockBit and their malware. LockBit suffered a serious blow earlier this year after a massive law enforcement operation disrupted the ransomware gang.

This operation seized lots of information on the gang and its affiliates, while managing to bring down its data leak website. By May, the UK’s National Crime Agency assessed that the gang was running at limited capacity and that its global threat has been “significantly reduced”.

But some experts had doubts that LockBit had been dealt with. Ricardo Villadiego, from cybersecurity firm Lumu, previously told SiliconRepublic.com that gangs such as LockBit are prepared for these potential risks – evident by the fact that the gang was offering its services again in “less than four days”.

A report from cybersecurity company BlackFog claimed ransomware surged by 110pc in March 2024 and that LockBit ransomware remained a dominant variant, despite the disruption that occurred the month prior.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com