Massive Data Breach at Evolve Bank & Trust Exposes Personal Information of Millions


In a devastating blow to its security, U.S.-based banking-as-a-service giant Evolve Bank & Trust has confirmed that cybercriminals accessed the personal data of millions of customers in a recent cyberattack. According to a filing with Maine’s attorney general, at least 7.6 million people, including more than 20,000 customers based in Maine, were affected by the breach.

While Evolve did not specify all the types of compromised data in the filing, the bank previously acknowledged on its website that attackers had accessed names, Social Security numbers, bank account numbers, and contact information of its personal banking customers. Personal data of Evolve employees and information related to customers of its financial technology partners were also compromised.

Several of Evolve’s partners have reported impacts from the breach. Affirm disclosed that the attack “may have compromised some data and personal information” of its customers. Mercury, a fintech startup, revealed via a post on X that the breach affected “some account numbers, deposit balances, business owner names, and emails.” Similarly, Wise, formerly known as TransferWise, confirmed that “some Wise customers’ personal information may have been involved.”

Evolve is still investigating the full extent of the compromised data, including information related to its business, trust, and mortgage customers.

Last week, Evolve identified the breach as the result of a February ransomware attack executed by the Russia-linked LockBit gang. Despite a multi-government operation earlier this year that disrupted LockBit, the group’s administrator remains at large. The bank discovered the intrusion in May and stated that it did not pay the ransom demand, leading LockBit to publish the compromised data on its dark web leak site.

Evolve detailed in a letter to affected customers that hackers had accessed and downloaded customer information from its databases and file shares during periods in February and May 2024.

Commenting on the attack, Tim Eades, Co-founder and CEO at Anetac, highlighted the sophistication and persistence of modern ransomware threats. “Despite recent crackdowns, the surge of ransomware attacks continues unabated in 2024. Oftentimes, these threat actors will live within an organization’s environment to prep and successfully exfiltrate and encrypt sensitive data.”

Eades elaborated on the Evolve Bank attack, noting the extent of the intrusion. “In the recent Evolve Bank attack, it took around 45 days before the encryption event happened. During this time, threat actors reset the password of a service account, escalated privileges for that domain administrator, created multiple local admin accounts, disabled and implemented tools, and committed other acts of mayhem leading to the main, catastrophic event.”

Eades emphasized the need for advanced security measures to combat such threats. “Organizations need a modern identity vulnerability and security solution that monitors all access points in real-time, including service accounts, APIs, tokens, access keys, and user accounts. Understanding the chains of access throughout these complex systems can help ensure that the least privileges are enforced. Adding ongoing identity behavior analysis to detect and alert unusual activity allows organizations to better defend against the evolving ransomware threat and protect their critical data from future attacks.”
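The pre-encryption activity Eades describes (a service account password reset, privilege escalation, and multiple new local admin accounts) leaves traces in Windows Security events 4724, 4720, 4728 and 4732. The following added example, which is not from Evolve, Anetac or the article's sources, correlates those events; the normalized field names, the `service_accounts` inventory, the thresholds and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs.
PASSWORD_RESET, USER_CREATED = 4724, 4720
GROUP_ADDS = {4728, 4732}  # member added to a global / local security group
PRIVILEGED = {"Domain Admins", "Administrators"}

# Constructed sample (not incident data). Records are flattened and normalized;
# the field names are assumptions, not the raw Windows event schema.
SAMPLE = [
    {"time": "2030-01-05T02:14:00", "id": 4724, "actor": "jdoe", "target": "svc-backup"},
    {"time": "2030-01-05T02:31:00", "id": 4728, "actor": "svc-backup", "target": "svc-backup", "group": "Domain Admins"},
    {"time": "2030-01-05T03:02:00", "id": 4720, "actor": "svc-backup", "target": "helpdesk2"},
    {"time": "2030-01-05T03:03:00", "id": 4732, "actor": "svc-backup", "target": "helpdesk2", "group": "Administrators"},
    {"time": "2030-01-05T03:05:00", "id": 4720, "actor": "svc-backup", "target": "helpdesk3"},
    {"time": "2030-01-05T03:06:00", "id": 4732, "actor": "svc-backup", "target": "helpdesk3", "group": "Administrators"},
    {"time": "2030-01-08T10:00:00", "id": 4724, "actor": "helpdesk", "target": "asmith"},  # routine reset
]

def find_identity_abuse(events, service_accounts, window=timedelta(hours=24), min_new_admins=2):
    """Return (rule, subject, details) findings for two identity-abuse patterns."""
    resets, created = {}, {}
    new_admins = defaultdict(list)
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        ts = datetime.fromisoformat(e["time"])
        if e["id"] == PASSWORD_RESET and e["target"] in service_accounts:
            resets[e["target"]] = ts
        elif e["id"] == USER_CREATED:
            created[e["target"]] = ts
        elif e["id"] in GROUP_ADDS and e.get("group") in PRIVILEGED:
            who = e["target"]
            # Rule 1: a service account is reset, then gains a privileged group.
            if who in resets and ts - resets[who] <= window:
                findings.append(("reset_then_escalated", who, (e["group"],)))
            # Rule 2: an account becomes an administrator shortly after creation.
            if who in created and ts - created[who] <= window:
                new_admins[e["actor"]].append(who)
    # Rule 2 fires only when one actor minted several such accounts.
    for actor, accounts in new_admins.items():
        if len(accounts) >= min_new_admins:
            findings.append(("bulk_new_admins", actor, tuple(accounts)))
    return findings

if __name__ == "__main__":
    for finding in find_identity_abuse(SAMPLE, {"svc-backup"}):
        print(finding)
```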

As Evolve Bank & Trust continues to investigate the breach, the incident underscores the pressing need for robust cybersecurity measures to protect sensitive information against increasingly sophisticated cyber threats.