Cyber Incident Victim: Evolve Bank & Trust
Date: May 2024
Location: United States of America
Summary
A ransomware attack by the LockBit criminal organization compromised Evolve Bank & Trust's systems after an employee inadvertently clicked a malicious link, leading to unauthorized access and data exfiltration. The attackers downloaded personal information—including names, Social Security numbers, account details, dates of birth, and contact information—from retail banking customers, financial technology partners' end users, mortgage and small business clients, and employees, alongside ACH transaction records containing payor and payee financial data. While no customer funds were accessed, the threat actor encrypted some internal data and leaked stolen information after the institution refused ransom demands. The bank contained the incident, implemented enhanced security controls, and initiated notifications offering affected individuals credit monitoring or dark web surveillance services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The cybersecurity incident at Evolve Bank & Trust began in late May 2024 when the bank identified system irregularities initially thought to stem from hardware failure. Subsequent investigation revealed unauthorized activity traced to a ransomware attack by the LockBit criminal organization. The breach originated when an employee inadvertently clicked a malicious internet link, enabling threat actors to access systems during periods in February and May 2024. Attackers exfiltrated customer data from databases and file shares before encrypting portions of the environment. Evolve refused ransom demands, prompting LockBit to leak stolen data on the dark web while falsely attributing the source to the Federal Reserve Bank. The bank contained the incident by May 31, 2024, with no observed unauthorized activity beyond that date, and engaged cybersecurity specialists to restore services using available backups that limited operational disruption.

Compromised data included names, Social Security numbers, account numbers, dates of birth, and contact information for retail banking, mortgage, and small business customers, along with clients of Open Banking partners. A subset contained debit card numbers, while accessed ACH transaction records exposed payor/payee financial account numbers, routing details, and names. Employee personal information was also compromised, though specific data types remained under investigation. Evolve initiated system hardening measures including global password resets, reconstruction of Active Directory components, firewall enhancements, and deployment of endpoint detection tools. Notification processes began July 8, 2024, with emails detailing two years of complimentary credit monitoring for U.S. residents and dark web monitoring for international customers, supplemented by a dedicated call center. The breach investigation remained ongoing with anticipated additional notifications as forensic analysis progressed.
