Evolve Bank & Trust (financial institution that is used by many fintech startups) has announced that it suffered a data breach. Systems were compromised in late May 2024 and Evolve Bank & Trust states that there was no new unauthorized activity since May 31, 2024. They also state the current evidence shows the following:
This was a ransomware attack by the criminal organization, LockBit.
They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link.
There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May.
The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact on our operations.
We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank.
Unfortunately as they provide a lot of behind the scenes work for other financial companies it’s difficult to untangle all of the customers that were affected. Here is a partial list (with apologies for any inaccuracies): Wise, Juno, Affirm, Airwallex, Alloy, Bond, Branch, Dave, EarnIn, Marqeta, Melio, Mercury, PrizePool, Step, Stripe, TabaPay.