The data leak at Evolve Bank has affected Bitfinex and other platforms.
Crypto-friendly financial institution Evolve Bank and Trust was embroiled in a massive data breach. The bank admitted it had been aware of the incident, which involved the theft of 33 terabytes of user data.
While Evolve Bank maintained that customer funds appear to remain untouched, they admitted that the hackers likely managed to download sensitive customer information stored in the bank’s databases.
Evolve Bank’s Breach Exposes Bitfinex and Other Firms’ Data
The cyberattack has been linked to the notorious Russian ransomware group Lockbit. Reports suggest that the personal information of Bitfinex users was among the stolen data.
The stolen data from Evolve Bank reportedly contains sensitive personally identifiable information (PII), including names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses.
The information is said to be associated with over 155.5k accounts connected to different companies such as Bitfinex, Nomad, and Copper Banking.
In an official update on Monday, Evolve revealed that some of its systems malfunctioned due to “unauthorized activity” in late May. This was apparently caused by an employee clicking a malicious link unwittingly. The bank went on to assert that it halted the attack “within days” and observed no further unauthorized activity since May 31.
Delay in Notifying Affected Companies and Users
Evolve said that the threat actor encrypted some data within its environment but the platform managed to limit the loss as well as the impact on its operations due to the backups available. It also refused to pay the ransom and claimed that Lockbit mistakenly linked the data to the Federal Reserve.
“The investigation is in its early stages, but it appears that names, Social Security numbers, bank account numbers, and contact information were affected for most of our personal banking customers, as well as customers of our Open Banking partners. We have now learned that personal information relating to our employees was also likely impacted.”
Following this incident, several fintech players who have worked with the bank have cautioned their customers about potential data compromise connected to the breach.
However, according to Fintech Business Weekly reporter Jason Mikula, Evolve is said to have delayed notifying affected fintech companies as well as end users until the breach became public knowledge last week.