web analytics

Evolve Discloses That Hackers Stole Data of 7.6M Individuals – Source: www.databreachtoday.com

evolve-discloses-that-hackers-stole-data-of-76m-individuals-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Finance & Banking
,
Fraud Management & Cybercrime
,
Incident & Breach Response

Stolen Data Includes Names, Social Security and Bank Account Numbers, Contact Info

David Perera (@daveperera) •
July 9, 2024    

Evolve Discloses That Hackers Stole Data of 7.6M Individuals
LockBit hackers stole the information of 7.6 million individuals from Evolve Bank & Trust.

Evolve Bank & Trust disclosed that hackers stole the data of more than 7.6 million individuals in an incident detected in May.

The Arkansas firm has been in incident disclosure mode for weeks now, following Evolve’s listing on the leak site of the Russian-speaking ransomware-as-a-service operation LockBit in late June.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

In an official disclosure, Evolve said it detected hackers on May 29 and at first attributed signs of a malicious breach to “a hardware failure.” An investigation showed hackers penetrated the bank’s systems as early as February.

“No new unauthorized activity on Evolve’s systems has been identified since May 31, 2024,” the company said.

The tally of affected individuals, which include Evolve clients as well as customers of its banking platform, is 7,640,112.

Evolve Bancorp operates both a traditional bank and open banking services, which it provides to a number of fintech companies via what’s often referred to as banking as a service.

In a copy of the data breach notification letter it filed, Evolve didn’t disclose the types of data that hackers stole, but the company has already acknowledged that hackers stole names, Social Security numbers, bank account numbers and contact information.

The incident has had a cascading effect on the financial industry as Evolve customers are notifying their customers that hackers stole their data. Among the affected current and past clients of Evolve are “buy now, pay later” creditor Affirm and money transfer service Wise (see: Evolve Ransomware Hack Affects Affirm and Fintech Companies).

June was a challenging month for the company. Just days before LockBit disclosed the attack, the Federal Reserve Board ordered the bank to improve its anti-money laundering and risk management programs, “including through enhanced procedures related to recordkeeping and consumer compliance programs.”

LockBit initially claimed to have hacked the Federal Reserve rather than Evolve, likely because the hacker spotted a stolen document that said “United States Federal Reserve” and assumed the victim was the central bank (see: Bogus: LockBit’s Claimed Federal Reserve Ransomware Hit).

Original Post url: https://www.databreachtoday.com/evolve-discloses-that-hackers-stole-data-76m-individuals-a-25732

Category & Tags: –

Views: 6

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
Top 300 Azure Sentinel Used...
WITH SECURE
Threat Landscape Update Report
Threat Landscape Update Report
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
Mihaela Curcă
The Role of Cyber Espionage inInternational Relations
The Role of Cyber Espionage...
GLOBAL NETWORK OF DIRECTOR INSTITUTES
THE FUTURE OF BOARD GOVERNANCE
THE FUTURE OF BOARD GOVERNANCE
Deloitte
The CISO’s Guide to Generative AI
The CISO’s Guide to Generative...
Capgemini
PROMPT THE FUTURE
PROMPT THE FUTURE
Google
We’re All in this Together
We’re All in this Together
CyberSN
U.S. Cybersecurity Job Posting Data Report
U.S. Cybersecurity Job Posting Data...
CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED...

More Latest Published Posts

Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity planning
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat Huntingand Detection
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES
Project Management Institute
Building Resilience Through Strategic Risk Management
Building Resilience Through Strategic Risk Management
DATA LOSS PREVENTION (DLP)
DATA LOSS PREVENTION (DLP)
AICSSolutions
Cybersecurity Red Team
Cybersecurity Red Team
cisco
Cyber Incident Response
Cyber Incident Response
CSR Cyber Security Council
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
SYBEX
Cybersecurity ESSENTIALS
Cybersecurity ESSENTIALS
Agency for Digital Government
Cyber security in supplier relation ships
Cyber security in supplier relation ships
RINKU
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
CNIL
PRACTICE GUIDE GDPR
PRACTICE GUIDE GDPR
FERMA
THE ROADMAP TO STRATEGIC RISK MANAGEMENT
THE ROADMAP TO STRATEGIC RISK MANAGEMENT
ENISA-EUROPA
Cyber Resilience Act Requirements Standards Mapping
Cyber Resilience Act Requirements Standards Mapping
CYTAD
Essential Data Privacy Checklist
Essential Data Privacy Checklist
SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance