Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Evolve confirms data stolen in LockBit leak

Evolve Bank & Trust, the organisation that had its data leaked by LockBit in place of the US Federal Reserve, has confirmed the authenticity of the leak.

user icon Daniel Croft
Fri, 28 Jun 2024
Evolve confirms data stolen in LockBit leak
expand image

In a release on its website, the bank said it had launched an investigation into the breach, and it confirmed that the data of some of its Evolve retail bank customers and financial technology partners’ customers was stolen.

“It appears these bad actors have released illegally obtained data, including personal identification information (PII), on the dark web,” Evolve said.

“The data varies by individual but may include your name, Social Security number, date of birth, account information and/or other personal information.”

============
============

In an update, Evolve confirmed that “customer debit cards, online, and digital banking credentials” were not affected in the breach and appeared to be secure at the time.

Evolve said it has begun communicating with customers and financial technology partners’ customers.

“We encourage all retail banking customers and financial technology partners’ customers (end users) to remain vigilant by monitoring account activity and credit reports,” Evolve said.

“You can set up free fraud alerts from nationwide credit bureaus – Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com. If you suspect any fraud or suspicious activity, please contact us immediately.”

The Evolve data breach occurred earlier this week after LockBit threatened to leak the data of the US Federal Reserve, setting a countdown timer to end at 6:27 AEST on 26 June 2024.

However, when the timer ran out, no US Federal Reserve data was leaked, but data belonging to Evolve Bank and Trust.

The US Federal Reserve had called out Evolve Bank & Trust earlier this month for “deficiencies in the bank’s anti-money laundering, risk management, and consumer compliance programs”.

LockBit linked the press release alongside the Evolve data.

“Examinations conducted in 2023 found that Evolve engaged in unsafe and unsound banking practices by failing to have in place an effective risk management framework for those partnerships,” the release said.

“In addition, Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.”

No data belonging to the US Federal Reserve appears to have been leaked.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.