Evolve Bank & Trust, a prominent U.S.-based banking-as-a-service provider, has revealed that cybercriminals recently breached their systems and accessed the personal data of millions of customers.
According to a report filed with Maine’s attorney general on Monday, Evolve confirmed that the personal information of at least 7.6 million individuals, including over 20,000 customers in Maine, was compromised in the cyberattack, with the impact continuing to expand.
When asked by TechCrunch if this number is expected to rise, Evolve has not yet provided a response.
While the specific types of data exposed were not detailed in the report, Evolve previously disclosed on their website that the attackers gained access to names, Social Security numbers, bank account details, and contact information of personal banking customers, as well as personal data of Evolve employees and individuals associated with the financial technology partners of Evolve.
Among the affected partners are Affirm, which confirmed that some customer data may have been compromised, and Mercury, a fintech startup that noted on X the impact on certain account details, deposit balances, owner names, and emails. Additionally, Wise (previously known as TransferWise) acknowledged that “some Wise customers’ personal information may have been involved.”
It remains uncertain whether the scope of compromised data will expand, as Evolve mentioned ongoing investigations into the potential impact on business, trust, and mortgage customers.
Last week, Evolve confirmed that the breach stemmed from a ransomware attack in February carried out by the Russia-linked LockBit gang, which had been targeted in a multi-government operation earlier this year, though its leader remains at large.
The intrusion was identified by the bank in May, revealing the hackers’ unauthorized access to their systems. Despite the ransom demands, Evolve did not pay up, prompting LockBit to expose the stolen data on their dark web site.
In notifications to affected customers, Evolve disclosed that the hackers managed to download customer information from their databases and shared files during incidents in February and May 2024.
