Evolve Bank cyberattack exposes customer data and prompts US federal response

The timing of the breach highlights the pressing need for robust cybersecurity measures in financial institutions.

Cyberattacks on US utilities have risen nearly 70%, posing a serious threat to the nation's infrastructure.

Arkansas-based Evolve Bank and Trust confirmed a cyberattack that led to customer data being leaked on the dark web. The cybercrime group Lockbit 3.0 claimed responsibility for the hack, demanding a ransom from the Federal Reserve. The bank has involved law enforcement in the investigation, providing free credit monitoring and identity theft protection to affected customers.

The breach follows a directive from the US Federal Reserve for Evolve to improve its risk management and compliance with anti-money laundering regulations. Additionally, Fintech company Mercury revealed that some of its customers’ account numbers and deposit balances were compromised, and those affected have been informed and given preventive measures.

Why does it matter?

The cyberattack on Evolve Bank exposed sensitive customer data to potential misuse, including identity theft and financial fraud. It highlights vulnerabilities in financial institutions’ cybersecurity defences, prompting data protection and regulatory compliance concerns.