- Evolve Bank and Trust confirmed on Wednesday it was the victim of a cybersecurity incident that involved customers’ data being illegally released on the dark web.
- Lockbit 3.0, the hacking group behind the Evolve leak, functions as a ransomware-as-a-service group.
OUR TAKE
The incident not only poses a challenge to Evolve Bank’s reputation, but also highlights the growing cybersecurity threats facing financial institutions in the digital age. The government and regulators will closely monitor the progress of this incident and may further strengthen the security standards and compliance requirements of the financial industry to deal with potential threats in the future.
–Revel Cheng, BTW reporter
Evolve Bank and Trust confirmed on Wednesday it was the victim of a cybersecurity incident that involved customers’ data being illegally released on the dark web.
What happened
Evolve Bank & Trust confirmed it was the victim of a cyber attack and that customer data had been posted on the dark web, less than two weeks after the Arkansas-based lender was ordered by regulators to improve its risk management and get approval before entering into any new partnerships.
The Russian-linked hacker group LockBit 3.0 on Tuesday posted data taken from Evolve’s systems after claiming earlier in the week that it had hacked the US Federal Reserve, giving US officials until Tuesday afternoon to pay an undisclosed amount in exchange for the information purportedly stolen from the central bank’s systems. So far, it does not appear that any sensitive data from the Fed has been released by the group.
A spokesperson for Evolve said in an email that the incident has been contained and the company is currently investigating the situation with “appropriate law enforcement authorities.” The bank also said it will offer all affected customers complimentary credit monitoring with identity theft protection services. It’s still unclear exactly what information was included in the data, which Evolve said was stolen by a “known cybercriminal organisation” without naming LockBit.
Also read: Digital banking’s essential shift
Also read: Bank of America puts banking, investing, retirement into one app
Why it’s important
Lockbit 3.0, the hacking group behind the Evolve leak, functions as a ransomware-as-a-service gang, where members lease their technical tools to affiliates and take a percentage of any extortion payments.
The group posted the Evolve information on a darkweb forum tied to Lockbit, a prolific ransomware gang that has received millions of dollars in payments following attacks on thousands of victims, including the Industrial & Commercial Bank of China Ltd., Boeing Co and the UK’s Royal Mail. By 2022, the group had rebranded itself as LockBit 3.0.
In February, law enforcement agencies from 11 countries – led by the UK’s National Crime Agency and aided by the US Federal Bureau of Investigations–seized LockBit’s technical tools in an operation that targeted its malware deployment system. But the group’s hacking tools have remained widely used since they were leaked to the public in 2022, and members of the group are believed to remain active.
The compromised information included tax identification numbers, as well as wires and settlements, linked to people who have directly and indirectly worked with Evolve, according to Dirce E. Hernandez, a cybersecurity expert with experience in insurance and financial services who has spoken to analysts familiar with the data.