Evolve Bank: Ransomware Hackers Stole Data From 7.6 Million Users

Evolve Bank & Trust has confirmed that over 7.6 million users lost their data to hackers during a ransomware attack. 

On Monday, the company disclosed the number to Maine’s attorney general and sent out data breach notifications to affected users.

The breach is especially bad since Evolve Bank lost customers’ Social Security numbers, bank account numbers, and contact information to a notorious ransomware gang known as Lockbit, which likely operates out of Russia. The gang hacked Evolve on Feb. 9, but the intrusion wasn't detected for over three months.

The breach also ensnared Evolve Bank’s partners, including users of Affirm, a “buy now, pay later” service, and another financial tech company called Mercury. But its effects could be more far-reaching, as the bank says it's "still investigating what other personal information was affected, including information regarding our Business, Trust, and Mortgage customers."

The loss of such personal information risks giving cybercriminals a way to conduct identity theft schemes against affected users. However, Evolve Bank tells customers that “there is no evidence that the criminals accessed any customer funds.”

Recommended by Our Editors

To Extort Ticketmaster, Hackers Allegedly Leak Taylor Swift Concert Tickets

US Warns About Black Basta Ransomware After Ascension Hospital Hack

Arkansas Sues Temu, Claims Chinese Shopping App Is Malware

Lockbit initially claimed the breach at Evolve Bank was tied to the US Federal Reserve. Although Evolve Bank refused to pay the ransom, the company says the gang resorted to leaking the stolen customer information. 

In response to the breach, Evolve Bank is offering affected customers two years of identity and credit monitoring services. But at least a few users are demanding the company do more by filing class-action lawsuits against the banking provider to force it to pay damages.