Hackers breached Evolve Bank & Trust, a bank for fintech businesses, in May 2024, resulting in several systems being offline.
The criminals behind the attack are the infamous LockBit ransomware gang. The Russian-affiliated hacking group has extorted more than $500 million from international victims since 2019. Recently, their website was taken offline by police raids and multiple leaders were arrested and await trial.
“While it initially appeared to be a hardware failure, we subsequently learned it was unauthorized activity,” states Evolve in an incident report.
“They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link.”
LockBit claims to have stolen more than 33 TB of data, including sensitive customer data. Since Evolve deals with cryptocurrency holdings, this could include the amount of cryptocurrency stored within specific accounts.
However, Evolve’s incident report paints a different story.
“There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May. The threat actor also encrypted some data within our environment. However, we have backups available,” it reads.
Evolve also refused to pay LockBit’s ransom.
In response, LockBit posted the stolen data to an online forum. It was mixed with a much larger collection of data in a post that would lead users to believe it was information from the Federal Reserve Bank.
“The investigation is in its early stages, but it appears that names, Social Security numbers, bank account numbers, and contact information were affected for most of our personal banking customers, as well as customers of our Open Banking partners.”
Unfortunately, Evolve confirmed that employee data was compromised in the attack.
The company has taken steps to rebuild its network and is continuing to investigate the attack.