Introduction
Evolve Bank & Trust, a leading U.S.-based banking-as-a-service provider, recently disclosed a substantial cyberattack that compromised the personal data of millions of its customers. According to a filing with Maine’s attorney general, the breach affected at least 7.6 million individuals, including more than 20,000 residents of Maine. The attackers accessed sensitive information such as names, Social Security numbers, bank account details, and contact information. The incident is part of a broader pattern of cyberattacks targeting financial institutions, underscoring the increasing need for robust cybersecurity measures to protect customer data.
Details of the Breach
Evolve spokesperson Eric Helvie, in a statement to TechCrunch, did not specify if the number of affected individuals is expected to grow. The types of data compromised include:
- Personal Banking Customers: Names, Social Security numbers, bank account numbers, and contact information.
- Employees: Personal data.
- Financial Technology Partners: Data of customers from affiliated partners such as Affirm, Mercury, and Wise.
Affirm: Affirm confirmed that some data and personal information of its customers were compromised.
Mercury: Mercury reported that account numbers, deposit balances, business owner names, and emails were affected.
Wise (formerly TransferWise): Wise acknowledged that some personal information of its customers was involved.
Ongoing Investigation
Evolve is still investigating to determine if additional personal information, including that related to their business, trust, and mortgage customers, was affected.
Source of the Breach
The breach traces back to a ransomware attack in February by the Russia-linked LockBit gang. This cybercriminal group, despite being disrupted by a multi-government operation earlier this year, continues its activities. Evolve identified the intrusion in May, discovering that hackers had accessed their systems. The bank confirmed that they did not pay the ransom demanded by LockBit, leading to the compromised data being published on the gang’s dark web leak site.
Timeline and Response
The letter sent to affected customers detailed that the hackers accessed and downloaded customer information from Evolve’s databases and a file share during periods in February and May 2024.
Impact on Financial Technology Partners
Evolve’s fintech partners also faced repercussions due to the breach:
Affirm: Affirm, a financial technology partner of Evolve, confirmed that their customer data might have been compromised as a result of the breach.
Mercury: Mercury, another fintech startup, disclosed that the breach affected some account numbers, deposit balances, business owner names, and email addresses.
Wise (formerly TransferWise): Wise stated that some of their customers’ personal information might have been involved in the breach.
Preventative Measures and Future Steps
The scale of the breach highlights the critical need for robust cybersecurity measures. Evolve is expected to enhance its security protocols to prevent future incidents. This event underscores the importance of continuous monitoring, timely identification of breaches, and comprehensive response strategies to mitigate damage.
Protecting Yourself
Given the extensive nature of this breach, individuals and organizations should take immediate steps to safeguard their digital security. Here are some recommended measures:
- Change Your Passwords: If you suspect your passwords may have been compromised, change them immediately. Ensure each password is unique and strong, incorporating a mix of letters, numbers, and special characters.
- Use Multi-Factor Authentication (MFA): Enable MFA wherever possible. MFA adds an extra layer of security by requiring additional verification beyond just a password.
- Monitor Your Accounts: Regularly check your accounts for any suspicious activity. Set up alerts for unusual login attempts or transactions.
- Utilize Password Managers: Consider using a password manager to generate and store complex, unique passwords for each of your accounts. Password managers help maintain strong security practices without needing to remember multiple passwords.
- Stay Informed: Keep abreast of the latest cybersecurity news and updates. Awareness of emerging threats can help you take proactive measures to protect your information.
Conclusion
The Evolve Bank & Trust cyberattack serves as a stark reminder of the ever-present risks in the digital age. With the personal data of millions compromised, the incident underscores the critical need for robust cybersecurity measures and vigilance from both organizations and individuals. As the investigation continues and more information surfaces, it is crucial to remain informed and take necessary precautions to protect personal and financial information.
Stay vigilant, stay informed, and prioritize your digital security in this ever-evolving landscape of cyber threats. At The Scam Protector, we save people from getting scammed by raising awareness and informing them about prevalent online scams. You can do it too just by joining our tribe on Twitter , Facebook, Quora, Reddit, LinkedIn.
