A notorious hacker has successfully breached a major US bank, stealing sensitive customer information from a long list of financial firms in the process.
The Tennessee-based lender Evolve Bank & Trust says the Russian-linked ransomware gang LockBit has hacked its system and appears to have stolen most of its personal banking customers’ names, Social Security numbers, bank account numbers and contact information.
In addition, multiple fintech firms that have worked with the bank including Affirm, Wise, Bilt, Marqeta, Mercury and EarnIn have released various statements either confirming some of their customers’ data was also stolen in the attack or announcing further investigation is underway.
The consumer rights law firm Schubert Jonckheer & Kolbe says in total, the data breach has affected millions of customers.
Affirm, which has 18 million customers alone, says it believes that the personal information of its Affirm Card users was compromised in the hack.
Evolve says its system was accessed after an employee clicked on a malicious link in late May.
News of the hack comes as Evolve deals with a cease-and-desist order from the Federal Reserve and the Arkansas State Bank Department. According to regulators, the bank showed weaknesses in its risk management and compliance programs relating to anti-money laundering laws.
Evolve Bank & Trust is a commercial bank with $1.551 billion in total assets and 26 locations.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox