Evolve Bank Announces Personal Data of Millions of Customers Compromised by Ransomware Attack

Evolve Bank & Trust, a major U.S.-based provider of banking services, announced that a recent data breach resulted in unauthorized access to the personal details of millions of its customers.

According to documents submitted to the Maine attorney general on Monday, Evolve acknowledged that the breach compromised the information of no fewer than 7.6 million people, with over 20,000 affected individuals residing in Maine. The repercussions of this event are still unfolding. 

TechCrunch was informed by Evolve representative Eric Helvie, who refused to comment on whether they anticipate an increase in the number of impacted customers.

Evolve has yet to detail the exact nature of the exposed data in their submission, though a prior announcement on its own site revealed that the breach included names, Social Security numbers, banking details, and contact information of its clientele, as well as personal data of Evolve staff and information related to its fintech partners’ customers.

Among the affected partners, Affirm, a collaborator with Evolve, recently acknowledged a potential compromise of its customers’ data due to the breach. Mercury, a fintech innovator working with Evolve, disclosed on X that the incident affected multiple account details, including business owners’ names and email addresses.

Likewise, the money transfer agency Wise (previously known as TransferWise) verified last week that personal information of some of its customers might have been implicated.

Evolve is continuing its investigation to determine the full scope of personal information that was compromised, including data related to their business, trust, and mortgage clientele.

Evolve recently stated that the cyber incident was led by a ransomware attack in February traced back to the Russia-associated LockBit syndicate. Despite a multinational effort to disrupt this gang, its leader is still at large.

The breach was detected in May by the bank, revealing unauthorized system access by the hackers. Despite receiving a ransom demand, Evolve chose not to comply, leading to LockBit publishing the stolen data on their dark web portal, which has since been reactivated. 

Evolve’s communication to the victims highlighted that the intruders downloaded “customer information from Evolve’s databases and a file share during the episodes in February and May 2024.”

Updated to include Evolve’s decline to further elaborate on the breach details.