Evolve Bank has recently been the victim of a digital attack from the LockBit ransomware, which resulted in the loss of around 33 terabytes of data from banking and fintech platforms. The lost data was subsequently leaked onto the dark web, disrupting the bank’s operations, leading to financial loss and reputation damage.
This significant loss of data has spotlighted a serious security flaw within the cyber infrastructure of Evolve Bank. As a result, cybersecurity experts have been engaged to both investigate the attack and to strengthen the bank’s digital defenses against future risk.
The lost data included personal details, like customer names, Social Security numbers, birthdates, and account information. This poses an enormous threat to individuals and firms implicated in the breach, prompting them to scramble and prevent further damage.
The breach has been traced back to a phishing email in which an employee unknowingly clicked a suspicious link. Evolve Bank refused to pay the ransom, leading the thieves to leak stolen information.
Analyzing Evolve Bank’s extensive data breach
This attracted unwanted scrutiny from federal authorities as the thieves had mistakenly believed their stolen data was associated with the Federal Reserve Bank.
Not only did the attack impact Evolve Bank, but it also affected its clients, including big names such as Affirm, Airwallex, Alloy, Bond (now FIS), Branch, Dave, EarnIn, Marqeta, Mastercard, Melio, Mercury, PrizePool, Step, Stripe, TabaPay, and Visa. As a result of the attack, Evolve had to suspend its online banking services temporarily, causing disruptions in instantaneous transaction processing.
Before the attack, the Federal Reserve identified risk gaps in Evolve’s procedures and its inadequate risk management concerning fintech alliances. Despite efforts to improve risk management, Evolve’s partner, Affirm, failed to adhere fully to the Reserve’s requirements, which may have worsened the data breach.
The security breach exposed systemic weaknesses in the control mechanisms employed by Evolve and its affiliates, raising questions about the effectiveness of its risk mitigation strategies. In response, Evolve and Affirm are now re-evaluating their workflows and security measures to comply with the Federal Reserve’s cybersecurity standards.
Despite earlier significant hindrances, LockBit continues to create chaos within supply chains for financial gain. The recent security infringement at Evolve Bank illustrates their unwavering pursuit of monetary rewards through cyber offenses.
