Evolve Bank & Trust Suffers Data Breach

Evolve Bank & Trust (a financial institution used by many fintech startups) has announced that it suffered a data breach. Systems were compromised in late May 2024, and Evolve Bank & Trust states that there has been no new unauthorized activity since May 31, 2024. They also state that the current evidence shows the following:

  • This was a ransomware attack by the criminal organization, LockBit.
  • They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link.
  • There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May.
  • The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact on our operations.
  • We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank.

Unfortunately, because they provide a lot of behind-the-scenes work for other financial companies, it’s difficult to untangle all of the customers that were affected. Here is a partial list (with apologies for any inaccuracies): Wise, Juno, Affirm, Airwallex, Alloy, Bond, Branch, Dave, EarnIn, Marqeta, Melio, Mercury, PrizePool, Step, Stripe, TabaPay, Bilt.


49 Comments

avsterbone (@guest_1892678)
August 13, 2024 19:58

William Charles received an updated email about this which specifies what data was actually leaked:

“Within these downloaded files, Evolve identified the following personal data about you: Name, Contact Information, Evolve Account Number, Social Security Number and Date Of Birth.”

This absolutely sucks. Shame on them for not encrypting such sensitive information.

They are also offering 24 months of free credit monitoring through TransUnion.

Acid Bath (@guest_1898156)
August 23, 2024 13:14

Got this today as well

Naddi (@guest_1868707)
July 3, 2024 05:27

I’ve found that non-tech employees at financial institutions are ignorant about computer security. They’ve asked me to email personal information like a copy of my DL in order to get approved for a CC. They claimed email is secure because the employees can only access it through their VPN. Those buffoons don’t know how the internet works. The weak link at a company is always the most ignorant and careless employees. That apparently was the case here as well — clicking on a link and not having anti-malware on the computer.

SaverGirl (@guest_1868272)
July 2, 2024 14:11

PatelCo Credit Union is also affected

Sam W.C. (@guest_1868179)
July 2, 2024 11:44

How thousands of Americans got caught in fintech’s false promise and lost access to bank accounts

https://www.cnbc.com/2024/07/02/synapse-fintech-fdic-false-promise.html

Jon (@guest_1868254)
July 2, 2024 13:55

Are you lost?

James (@guest_1868145)
July 2, 2024 10:44

Freezing the big 3 credit bureaus is not sufficient to significantly impair identity theft. This Reddit post details some more obscure credit bureaus you should also freeze if your information was compromised.

https://www.reddit.com/r/IdentityTheft/s/AUTR8pUmDp

The nuclear option would of course be opting out of LexisNexis entirely, but that would greatly impair churning as well.

Ren (@guest_1868113)
July 2, 2024 09:36

“Well, I got bad credit so the joke’s on you!”
https://getyarn.io/yarn-clip/35bac6b9-1e36-4c28-9ab6-c379c5bb7122

Apple Force UAE (@guest_1868108)
July 2, 2024 09:24

Evolve Bank & Trust grapples with a recent data breach, underscoring the urgent need for enhanced cybersecurity measures in fintech.

Vachika (@guest_1868089)
July 2, 2024 08:47

Your coverage of the incident and its implications is crucial for raising awareness. Stay vigilant and informed about protecting sensitive information. An important read for all!

Evilex (@guest_1868085)
July 2, 2024 08:28

Anyone informed how to protect ourselves against their incompetence? I looked on Google and you can lock your SSN by creating an E-Verify, however, couldn’t find a final answer as to how it affects new loans and credit cards, it says locking it prevents wage theft and “sometimes” loan application and credit cards, the “sometimes” has me worried, why sometimes and not always…

Evilex (@guest_1868103)
July 2, 2024 09:18

Never mind, I went ahead and froze all 3 bureaus.

Skooby (@guest_1868115)
July 2, 2024 09:40

I froze all my credit bureau accounts over 10 years ago when hacking first got popular.

Evilex (@guest_1868134)
July 2, 2024 10:25

Haha, I guess that didn’t cross my mind until today cuz I had nothing back when that happened; from now on I’ll be more vigilant. Early this year I also upgraded all my accounts’ security, harder passwords, two factor, etc., realized they were somewhat simple.

Jon (@guest_1868256)
July 2, 2024 13:56

Ah yes 2014 the year of popularized hacking

Skooby (@guest_1868559)
July 2, 2024 21:10

It actually started around 2000 and I set up fraud alerts, but 10 years later it was out of control, so I just froze everything. It has definitely worked. Knock on wood.

Lee (@guest_1868047)
July 2, 2024 05:48

Evolve was the original issuer of the Bilt Card. Such cardholders are receiving notices.

LEGOProBuilder (@guest_1868056)
July 2, 2024 06:48

Evolve Bank and Trust is also the bank for the Bilt Rent Rewards account.

https://support.biltrewards.com/hc/en-us/articles/5536541311373-What-is-a-Rent-Rewards-Account