FinTech Banking Partner Evolve Bancorp Hit by Major Ransomware Attack


In many ways, it has been the summer of cyberattacks and data breaches.

And with the news Tuesday (June 25) that Russian-linked ransomware gang Lockbit is claiming to have stolen 33 terrabytes of “juicy banking information containing American’s banking secrets” from the U.S. Federal Reserve, battening down cyber defenses is once more top of mind for security-critical organizations and financial institutions (FIs) alike.

For reference, around 6.5 million documents can be stored on just one terabyte.

“You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000,” LockBit representatives reportedly said after negotiations allegedly broke down.

That’s because, on Wednesday (June 26), the ransomware group released a large cache of files posted across 21 separate links belonging to Evolve Bank and Trust, the U.S. financial institution and banking partner of collapsed FinTech Synapse.

The Wednesday release of what is reported to be Evolve Bank’s parent directories, torrents and compressed archive files containing clear text files with end user PII, including SSNs, card PANs, wires and settlement files, came after LockBit’s ransom demands were not met.

“Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization. It appears these bad actors have released illegally obtained data, on the dark web. We take this matter extremely seriously and are working tirelessly to address the situation,” an Evolve Bank spokesperson told PYMNTS.

This remains a developing story.

Read more: Evolve Was Served a Cease-and-Desist Order — Now What?

Safeguarding Bank IT Operations Against Threats

As reports of LockBit’s infiltration and theft began surfacing and circling earlier this week, Evolve reportedly sent clients of its Open Banking Division an email acknowledging the reports and saying that, in conjunction with “law enforcement and government agencies,” it is investigating the situation.

The hack is just the latest bad news for the bank, which — along with its subsidiary, Evolve Bank and Trust — was on June 14 issued a “cease and desist” order by the Federal Reserve Board.

While the release of the cease-and-desist order remains independent of Evolve’s role in the ongoing Synapse bankruptcy proceedings, the Fed’s reprimand in fact cited the bank’s IT practices and focused on shoring up what have been termed “deficiencies” in risk management and compliance, requiring the FI to develop a plan and timetable to correct its IT security deficiencies.

Evolve, as noted on its website, partners with a wide array of FinTechs including Affirm, Stripe, Mercury, Airwallex, Alloy, Bond (now part of FIS), Branch, Dave, EarnIn, TabaPay and many others.

“If the FinTechs were defined by ‘digital first, with a better user experience and user interface, the winners of the future will combine that with a focus on the back office, on compliance, settlement and reporting, and working closely with their bank partners to make sure they do not get into trouble,” Jim McCarthy, CEO of Thredd, told PYMNTS.

Read more: Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses

Ransomware Attacks and Data Breaches Surge as World Goes Digital

LockBit, the ransomware group claiming to be behind the attack, is already in its third iteration as a criminal institution.

In February, international law enforcement agencies, including the FBI, arrested two LockBit gang members and seized the group’s web infrastructure as part of a wide-reaching takedown operation. It was estimated in early 2023 that LockBit itself was responsible for 44% of all ransomware incidents globally.

The FBI’s latest annual internet crime report, released this Spring, revealed that US financial damages due to ransomware attacks rose 74% in 2023. Already, in 2024, the business landscape has witnessed a staggering cyberattack on Change Healthcare, the billing and payments unit owned by UnitedHealthcare, which caused complete disruptions at healthcare clinics, medical billing companies and pharmacies.

The ransomware attack ultimately cost UnitedHealthcare, $872 million, and the company has said the breach was caused by a ransomware gang known as ALPHV or BlackCat.

The attacks haven’t stopped since then, either. As PYMNTS reported, a “significant volume of data” was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake on June 10, and Thursday this week it was revealed that stolen data from LendingTree subsidiary QuoteWizard obtained during the Snowflake breach is being sold to the highest bidder on cybercriminal forums.

The same hackers are also reportedly demanding ransom payments ranging from $300,000 to $5 million from other of the breached companies.

And with the latest PYMNTS Intelligence in “How the World Does Digital,” a groundbreaking study on the global digital behavior of 67,000 consumers in 11 countries representing roughly 50% of the world’s GDP, underscoring that the world is only growing more interconnected and dependent — maintaining safe cyber hygiene and shrinking critical attack surfaces is only growing more important for businesses.