Trends
Evolve Bank confirms cyber attack and data breach
OUR TAKE The incident not only poses a challenge to Evolve Bank’s reputation, but also highlights the growing cybersecurity threats facing financial institutions in the digital age. The government and regulators will closely monitor the progress of this incident and may further strengthen the securi…
Headline
OUR TAKE The incident not only poses a challenge to Evolve Bank’s reputation, but also highlights the growing cybersecurity threats facing financial institutions in the digital age. The government and regulators will closely monitor the progress of this incident and may further…
Context
OUR TAKE The incident not only poses a challenge to Evolve Bank’s reputation, but also highlights the growing cybersecurity threats facing financial institutions in the digital age. The government and regulators will closely monitor the progress of this incident and may further strengthen the security standards and compliance requirements of the financial industry to deal with potential threats in the future. –Revel Cheng, BTW reporter Evolve Bank and Trust confirmed on Wednesday it was the victim of a cybersecurity incident that involved customers’ data being illegally released on the dark web.
Evidence
Pending intelligence enrichment.
Analysis
Evolve Bank & Trust confirmed it was the victim of a cyber attack and that customer data had been posted on the dark web, less than two weeks after the Arkansas-based lender was ordered by regulators to improve its risk management and get approval before entering into any new partnerships. The Russian-linked hacker group LockBit 3.0 on Tuesday posted data taken from Evolve’s systems after claiming earlier in the week that it had hacked the US Federal Reserve, giving US officials until Tuesday afternoon to pay an undisclosed amount in exchange for the information purportedly stolen from the central bank’s systems. So far, it does not appear that any sensitive data from the Fed has been released by the group. A spokesperson for Evolve said in an email that the incident has been contained and the company is currently investigating the situation with “appropriate law enforcement authorities.” The bank also said it will offer all affected customers complimentary credit monitoring with identity theft protection services. It’s still unclear exactly what information was included in the data, which Evolve said was stolen by a “known cybercriminal organisation” without naming LockBit. Also read: Digital banking’s essential shift
Key Points
- Evolve Bank and Trust confirmed on Wednesday it was the victim of a cybersecurity incident that involved customers’ data being illegally released on the dark web.
- Lockbit 3.0, the hacking group behind the Evolve leak, functions as a ransomware-as-a-service group.
Actions
Pending intelligence enrichment.
