Breach, Ransomware

Over 7.6M Consumers’ Data Compromised in Evolve Bank Breach

Banking industry security protocol falters in third-party vendor contracts

TechCrunch reports that major U.S. banking-as-a-service provider Evolve Bank & Trust had more than 7.6 million of its customers' personal information compromised following an attack by the LockBit ransomware operation in February.

Additional details regarding the data exfiltrated in the breach were not provided in Evolve's latest filing with the Office of the Maine Attorney General.

However, the financial services firm previously reported that the intrusion — which involved the infiltration of its databases and a file share between February and May — had impacted its personal banking clients' names, Social Security numbers, contact information, and bank account numbers, in addition to its employees' data, and its fintech partners' customers' information.

Such a filing comes after some of Evolve's partners in serving the consumer industry, including Affirm, Wise, and Mercury, disclosed having their customers' personal information exposed as a result of the Evolve breach. Evolve has also been mum on whether more individuals are expected to have had their data impacted by the incident.