Investigation shows: LockBit attack affected 7.6 million Americans

  • Within a month of the LockBit attack, Evolve Bank & Trust sent data breach notifications to over 7.6 million Americans whose data was stolen.
  • The bank’s investigation revealed that an employee had clicked on a malicious link, giving a LockBit member unauthorized access to the bank’s database and file shares.

Less than a month ago, LockBit, the notorious ransomware group, claimed that it had stolen 33 TB of confidential banking data from the US Federal Reserve. However, it turned out that the data belonged to Evolve Bank & Trust.

At the time, the bank launched an investigation to assess the extent and impact of the breach. The investigation found that an employee had clicked on a malicious link, giving a LockBit member unauthorized access to the bank’s database and file shares. Evolve said that customer funds remained safe, but acknowledged that the data breach affected several fintech customers.

Now the bank is sending out data breach notifications to over 7.6 million Americans whose data was stolen in the incident. The notification states: “On May 29, 2024, Evolve discovered that some of its systems were not functioning properly. While it initially appeared to be a hardware failure, we later learned that this was unauthorized activity.”

While the attack was discovered on May 29, the notification said the first breach occurred on February 9. This means that LockBit was on the bank’s network for almost four months.

In the sample letter submitted to authorities, Evolve did not disclose the types of data involved. However, the company is offering two years of identity protection and credit monitoring services to U.S. residents and dark web monitoring services to international residents. Recipients should sign up for this offer by October 31 of this year. Affected customers are advised to be cautious of unsolicited communications, closely monitor their credit history and bank statements, and report any suspicious activity to authorities.

Commenting on the incident, Coro co-founder Dror Liwer told Spiceworks News & Insights: “We are seeing a massive increase in attacks on regional banks and credit unions because they have the same sensitive information as the large financial institutions but only have a fraction of the team size and resources needed to protect against attacks. The standard cybersecurity tools are simply not suitable for a bank with 400 employees that does not have the budget or team to acquire, integrate, manage and maintain these tools. This is a fact that attackers know well and exploit.”

Evolve has partnerships with companies such as Plaid, Shopify, Mercury and Stripe, but these organizations have not yet disclosed whether they were affected by the incident.