July 1, 2024
46 Comments
by William Charles
Evolve Bank & Trust (financial institution that is used by many fintech startups) has announced that it suffered a data breach. Systems were compromised in late May 2024 and Evolve Bank & Trust states that there was no new unauthorized activity since May 31, 2024. They also state the current evidence shows the following:
- This was a ransomware attack by the criminal organization, LockBit.
- They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link.
- There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May.
- The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact on our operations.
- We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank.
Unfortunately as they provide a lot of behind the scenes work for other financial companies it’s difficult to untangle all of the customers that were affected. Here is a partial list (with apologies for any inaccuracies): Wise, Juno, Affirm, Airwallex, Alloy, Bond, Branch, Dave, EarnIn, Marqeta, Melio, Mercury, PrizePool, Step, Stripe, TabaPay, Bilt.
You may also like
Netspend Accounts Now Showing Chase/Citi Offers
10 Escape Lounges Being Added To Priority Pass (BDL, CMH, CVG, GSP, MSP, OAK, PHX, PVD, SMF)
Amtrak Now Allowing Cash + Points Bookings (Awful Redemption Rates)
Korean Air Terminates Marriott Partnership
Wells Fargo Losing Up To $10M Per Month On Bilt Card
Subscribe
46 Comments
newest
oldest most voted
Naddi(@guest_1868707)
July 3, 2024 05:27
#1868707
I’ve found that non-tech employees at financial institutions are ignorant about computer security. They’ve asked me to email personal information like a copy of my DL in order to get approved for a CC. They claimed email is secure because the employees can only access it through their VPN. Those buffoons don’t know how the internet works. The weak link at a company is always the most ignorant and careless employees. That apparently was the case here as well — clicking on a link and not having anti-malware on the computer.
1
Reply
SaverGirl(@guest_1868272)
July 2, 2024 14:11
#1868272
PatelCo Credit Union is also affected
Reply
Sam W.C.(@guest_1868179)
July 2, 2024 11:44
#1868179
How thousands of Americans got caught in fintech’s false promise and lost access to bank accounts
https://www.cnbc.com/2024/07/02/synapse-fintech-fdic-false-promise.html
3
Reply
Jon(@guest_1868254)
July 2, 2024 13:55
#1868254
Sam W.C.
Are you lost?
Reply
James(@guest_1868145)
July 2, 2024 10:44
#1868145
Freezing the big 3 credit bureaus is not sufficient to significantly impair identity theft. This reddit post details some more obscure credit bureaus you should also freeze if your information was compromised.
https://www.reddit.com/r/IdentityTheft/s/AUTR8pUmDp
The nuclear option would of course be opting out of Lexis nexis entirely, but that would greatly impair churning as well.
1
Reply
Ren(@guest_1868113)
July 2, 2024 09:36
#1868113
“Well, I got bad credit so the joke’s on you!”
https://getyarn.io/yarn-clip/35bac6b9-1e36-4c28-9ab6-c379c5bb7122
Reply
“Evolve Bank & Trust grapples with a recent data breach, underscoring the urgent need for enhanced cybersecurity measures in fintech.
Reply
Your coverage of the incident and its implications is crucial for raising awareness. Stay vigilant and informed about protecting sensitive information. An important read for all!
3.5
Reply
Evilex(@guest_1868085)
July 2, 2024 08:28
#1868085
Anyone informed how to protect ourselves againts their incompetence? I looked on google and you can lock your ssn by creating an E-verify, however, couldn’t find a final answer as to how it affects new loans and credit cards, it says locking it prevents wage theft and “sometimes” loan application and credit cards, the “sometimes” has me worried, why sometimes and not always…
Reply
Evilex(@guest_1868103)
July 2, 2024 09:18
#1868103
Evilex
Nevermind, i went ahead and froze all 3 bureaus.
Reply
Skooby(@guest_1868115)
July 2, 2024 09:40
#1868115
Evilex
I froze all my credit bureau accounts over 10 years ago when hacking first got popular.
Reply
Evilex(@guest_1868134)
July 2, 2024 10:25
#1868134
Skooby
Haha i guess that didn’t crossed my mind until today cuz i had nothing back when that happened, from now on i’ll be more vigilant. Early this year i also upgraded all my accounts security, harder passwords, two factor, etc, realized they somewhat simple.
Reply
Jon(@guest_1868256)
July 2, 2024 13:56
#1868256
Skooby
Ah yes 2014 the year of popularized hacking
3
Reply
Skooby(@guest_1868559)
July 2, 2024 21:10
#1868559
Jon
It actually started around 2000 and I I set up fraud alerts but 10 years later it was out of control, so I just froze everything. It has definitely worked. Knock on wood.
Reply
Lee(@guest_1868047)
July 2, 2024 05:48
#1868047
Evolve was the original issuer of the Bilt Card. Such cardholders are receiving notices.
1
Reply
Lee
Evolve Bank and Trust is also the bank for the Bilt Rent Rewards account.
https://support.biltrewards.com/hc/en-us/articles/5536541311373-What-is-a-Rent-Rewards-Account
4
Reply
Sam(@guest_1868013)
July 2, 2024 01:30
#1868013
There’s still that many fintechs? What’s this 2018?
1
Reply