Evolve Bank & Trust, headquartered in Arkansas, has confirmed a significant data breach orchestrated by the LockBit ransomware group. The cybercriminals accessed and subsequently leaked customer information, including sensitive Personal Identification Information (PII), on the dark web. Despite the breach, the bank reassured customers that the incident has been contained, with no ongoing threat to retail banking services like debit cards and digital banking credentials.
Affected customers will be notified about the breach and offered free credit monitoring services. Additionally, some will receive new account numbers as a precautionary measure. The LockBit group, known for ransomware attacks, had claimed responsibility for breaching the U.S. Federal Reserve, though initial reports linking them to the Federal Reserve turned out to involve Evolve Bank’s data instead. The bank, however, has not disclosed specifics about how many individuals were impacted or the exact method of breach.
This breach comes at a challenging time for Evolve Bank, which recently faced scrutiny and a Federal Reserve enforcement action for alleged deficiencies in anti-money laundering controls and risk management practices. Despite attempts by the LockBit group to regain prominence through cyberattacks, their activities have largely been limited to reposting previously stolen data rather than launching new attacks.
