Evolve Bank admits cyberattack saw millions of customers have data stolen

Ransomware attack on a computer
(Image credit: Kaspersky)

Evolve Bank & Trust has confirmed it fell victim to a ransomware attack, and that it had lost sensitive customer data in the process. 

In a breach notification article posted on the company’s website, Evolve said it first spotted the intrusion in late May 2024, mistakenly identifying it as malfunctioning hardware. 

Subsequent investigation confirmed that it wasn’t a hardware failure, but rather a malware attack, triggered by an employee inadvertently clicking on a malicious link in an email.

Names and other details

The attack was later attributed to the LockBit ransomware gang, who managed to steal some data from its systems, and encrypt the rest. The company said it had working backups and that the data loss, as well as operational impact, was “minimal”.

It also confirmed LockBit demanding a ransom payment in exchange for the decryption key and for keeping the data safe, which Evolve turned down. LockBit responded by leaking the data on the dark web. 

As for the leaked data, the announcement does not state exactly how many people were affected. However, in a separate filing with the Office of the Maine Attorney General, spotted by TechCrunch, more than 7.6 million people had their data stolen. 

The data included customer names, Social Security Numbers, bank account numbers, and contact information. The bank’s employees, as well as customers of its Open Banking partners, were also said to have been affected. Evolve also added that the investigation is ongoing and that this information may change in the future. 

In late June, LockBit announced breaching the US Federal Reserve and stealing “33 terabytes of juicy banking information containing Americans’ banking secrets”. It was later confirmed that LockBit mistook Evolve for the Fed.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.