Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack.
In June, LockBit published false claims that it breached the U.S. Federal Reserve. It was later determined that the leaked data actually belonged to Evolve Bank & Trust.
Evolve
confirmed to BleepingComputer that the data belonged to them and launched an investigation to determine the scope and extent of the data breach.
The investigation revealed that an employee clicked on a malicious link, which resulted in a Lockbit member gaining unauthorized access to Evolve's database and file shares, which the attacker downloaded.
Evolve said customer funds remained safe but noted that the attack had impacted several fintech customers. Affirm, Wise, and Bilt independently
confirmed that the Lockbit attack at Evolve impacted their customers.
As promised in Evolve's
latest status update, the company has begun sending data breach notifications to people whose personal information was stolen during the attack. In a filing with the Office of the Maine Attorney General, Evolve says that 7,640,112 people were impacted by the breach.
