July 9, 2024 at 10:04AM
Evolve Bank & Trust confirmed that 7.6 million customers’ data was stolen during the LockBit break-in. The incident affected major partners including Wise and Affirm. Evolve responded promptly and offered 24 months of credit monitoring to impacted individuals. The breach occurred amid regulatory scrutiny from the US Federal Reserve, making 2024 a challenging year for the firm. FBCS also updated Maine’s attorney general on its data exposure, with the number of affected individuals now surpassing 4 million.
After reviewing the meeting notes, here are the key takeaways:
1. Evolve Bank & Trust confirmed that the data of over 7.6 million customers was stolen during a break-in, affecting at least three of its major partners. Additionally, Wise and Affirm, international money transfer and buy-now-pay-later companies respectively, confirmed they were materially affected by the break-in.
2. Evolve promptly initiated its incident response processes upon detecting unauthorized activity in its systems and stopped the attack. However, it took the vendor roughly four months to detect the intrusion. The threat actors accessed and downloaded customer information from Evolve’s databases and file share during periods in February and May 2024.
3. The specific data types stolen in each case were not disclosed, but it was mentioned that SSNs, bank account numbers, and contact information for most personal banking customers and partners may be affected, as well as some staff.
4. Evolve has taken steps to notify affected individuals and is offering 24 months of credit monitoring. The victims have until October 31 to enroll for these services.
5. The incident occurred shortly after Evolve received criticism from the US Federal Reserve Board in relation to deficiencies in anti-money laundering, risk management, and consumer compliance programs, resulting in an enforcement action being issued.
6. Financial Business and Consumer Solutions (FBCS) also updated Maine’s attorney general on its own data exposure, with the number of affected individuals surpassing 4 million, including names, SSNs, dates of birth, account information, and identity documents.
These clear takeaways from the meeting notes provide an overview of the data breach incidents at Evolve Bank & Trust and Financial Business and Consumer Solutions.