Evolve Bank’s Cyber Attack Exposes Risk Management Cracks in FinTech

Last week, Evolve Bank & Trust announced that it had suffered a data breach. The Evolve bank data breach was characterized by unauthorized leakage of customer data on the dark web. According to CIO News, the data breach was a result of a cybersecurity failure.

On Wednesday, Evolve Bank & Trust informed its retail customers and fintech partners that it had commenced investigations into the cyberattack.

In a notice published on its website, Evolve Bank said, “It appears these bad actors have released illegally obtained data, including Personal Identification Information (PII), on the dark web. The data varies by individual, but may include your name, Social Security Number, date of birth, account information, and/or other personal information.”

The company expressed confidence that the breach had been contained.

“Evolve retail banking customers’ debit cards, online, and digital banking credentials do not appear to be impacted by the cybersecurity incident,” Evolve Bank added.

Regulator Warning

The cyberattack on Evolve Bank comes soon after the U.S. Federal Reserve Board issued enforcement action against the bank. Earlier last month, the regulator instructed the bank to reinforce its risk management initiatives concerning anti-money laundering regulations and fintech partnerships.

A representative from the bank said that the bank had sought the support of law enforcement agencies to facilitate its inquiry and remediation efforts.

“We will offer all impacted customers (end users) complimentary credit monitoring with identity theft protection services. Those affected will be contacted directly with instructions on how to enroll in these protective measures,” the representative added.

Impact on Fintech Firms

The Evolve bank cyberattack has caused various fintech companies to initiate investigations into potential impact of the data breach. Mercury, a fintech startup, has already confirmed that its customer data was compromised. The company confirmed that Evolve’s intrusion disclosed emails, business owner names, and deposit balances for certain account numbers.

Mercury reported that impacted customers had been informed. The company also posted information on precautionary measures for its customers on X, formerly Twitter.

Another fintech startup, Affirm, reported possible unauthorized access of its customer database. However, the company says its Money Accounts and card may be safe to use as investigations continue. Other fintech startups that continue to investigate the impact of Evolve bank and Trust data breach include Melio, EarnIn, and Marqueta.

Kelly Kraft, Marqueta Spokesperson said, “Our customers affected by this incident have been notified, and we are working closely with Evolve to understand their remediation effort and how our mutual customers may be impacted.”

Publication of Stolen Data

Lockbut 3.0, a cybercrime group, reportedly published the stolen Evolve data on Tuesday. The hackers allegedly gave the Federal Reserve Board until Tuesday afternoon to comply with ransom demands to avoid disclosure of private information.