Fintech

Evolve Confirms Ransomware Attack as Challenges Grow

Published

7 months ago

on

It’s been a bad month for Evolve Bank and Trustand it’s only getting worse.

Following a “cease and desist” order. released to the bank on June 14, the Arkansas-based lender on Wednesday (June 26) publicly confirmed the news that a ransomware gang had he hacked the bank and published customer data on the dark web.

“Bad actors have released illegally obtained data, including personally identifiable information (PII), onto the dark web. The data varies from individual to individual but may include name, social security number, date of birth, account information and/or other personal information,” Evolve said in a statement. declarationechoing a spokesperson’s comments shared previously with PIMNTI.

The ransomware gang behind the attack is believed to be the Russian-linked LockBit 3.0 cybercriminal group.

The criminal attack comes less than two weeks after Evolve’s risk management program came under Fed scrutiny, and the ongoing fallout from the ransomware attack is playing out as Evolve itself remains locked in the failure case with Synapseof which precisely thousands From end customer funds remain inaccessible while their sensitive data now circulates freely.

The scope of the breach and the data released could impact nearly the entire FinTech landscape beyond just users of Evolve’s Banking-as-a-Service (BaaS) program partners, which include Affirm, Stripe, Mercury, Airwallex, Alloy , Bond (now part of FIS), Branch, Dave, EarnIn, TabaPay and others, along with their customers or anyone who has sent or received a payment from them.

Affirm Wednesday evening (June 26) confirmed that its card product was affected by the Evolve hack.

This remains a developing story.

to know more: FinTech Banking Partner Evolve Bancorp Hit by Major Ransomware Attack

Ransomware is a real problem in financial services

The theft of Know Your Customer (KYC) data and purported identity credential images means the impact of the attack on Evolve could spread far beyond just the lender’s BaaS program to affect the broader financial sector, into particularly external stakeholders with demand deposit accounts (DDA) at Evolve.

Lockbit 3.0, the hacker group believed to be responsible for the Evolve data breach, is one of the most notorious criminal groups in the cybersecurity field.

Just last month (May 7), the US Department of Justice (DOJ) unsealed charges against a Russian citizen for his alleged role as creator, developer and administrator of the LockBit ransomware group “from its inception in September 2019 to the present.”

“The LockBit ransomware group has been one of the most prolific ransomware variants worldwide, causing billions of dollars in losses and devastating critical infrastructure, including schools and hospitals,” the FBI director said Christopher Wray in a statement.

As PYMNTS reported, the The FBI’s latest annual report on Internet crimepublished this spring, revealed that the financial damage to the United States is due to ransomware attacks alone increased by 74% in 2023.

“We’ve always had social engineering attacks, but with the advent of AIit’s much easier to create a bot that has a credible conversation with a victim and convinces many victims at the same time to share their credentials, transfer money, and do other things they wouldn’t normally do,” Maciej PituchaVice President of Product and Data at Mangopayhe told PYMNTS.

“Data is usually the answer. … Building an effective fraud prevention solution requires a lot of data and a lot of experience,” Pitucha added.

to know more: Implement effective cyber hygiene across your business

Future-proof the cyber risk landscape

The Evolve attack comes at the end of a month that has seen several high-profile cyber attacks. These include “significant volume of data” stolen from at least 165 customers of the multi-cloud data warehousing platform Snowflakeas well as a attack about car dealership software provider CDK.

Especially for small and medium-sized businesses (SMBs) that may have modest or non-existent cybersecurity plans, these attacks can be devastating. And typically, smaller banks, like Evolve, often don’t have the IT security budget of larger banks. This can be seen in the deficiencies found by the Federal Reserve and the Arkansas State Bank Department during their investigations into Evolve’s oversight of partnerships with FinTech companies and anti-money laundering requirements.

And the importance of BaaS best practices is becoming increasingly important in a context where, according to PYMNTS IntelligenceApproximately two-thirds of banks and credit unions have entered into at least one FinTech partnership in the past three years, with 76% of banks considering FinTech partnerships necessary to meet customer expectations.



See more in: To assert, banking, Banks, Cyber ​​attack, Cyber ​​security, Data breach, Department of Justice, evolve, Evolve Bank and Trust, FBI, Federal Reserve, Financial technology, News, PIMNTI news, ransomware, Safety, Synapses



Source

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version