Arkansas-based Evolve Bank and Trust confirmed a cyberattack that led to customer data being leaked on the dark web. The cybercrime group Lockbit 3.0 claimed responsibility for the hack, demanding a ransom from the Federal Reserve. The bank has involved law enforcement in the investigation, providing free credit monitoring and identity theft protection to affected customers.
The breach follows a directive from the US Federal Reserve for Evolve to improve its risk management and compliance with anti-money laundering regulations. Additionally, Fintech company Mercury revealed that some of its customers' account numbers and deposit balances were compromised, and those affected have been informed and given preventive measures.
The cyberattack on Evolve Bank exposed sensitive customer data to potential misuse, including identity theft and financial fraud. It highlights vulnerabilities in financial institutions' cybersecurity defences, prompting data protection and regulatory compliance concerns.