Key Points:
- Lockbit ransomware group breached Evolve Bank & Trust, exposing confidential data. Affirm acknowledged customer data exposure due to the breach.
- The breach occurred in late May after an Evolve employee clicked on a malicious link. Personal and financial information was accessed.
- Evolve contained the breach, did not pay the ransom, and relied on backups to minimize impact. Evolve assured no customer funds were accessed.
- Federal and international agencies continue working to shut down Lockbit. The FBI obtained over 7,000 decryption keys to help affected individuals.
The Lockbit ransomware group has breached US-based Evolve Bank & Trust, exposing confidential data. The cyberattack also affected customers of the “buy now, pay later” company Affirm, which acknowledged that some of its customers’ data was compromised.
The cyberattack occurred in late May when an Evolve employee clicked on a malicious link. About a month later, Evolve informed Affirm of the cybersecurity breach, revealing that unauthorized access to personal and financial information had occurred. This information was disclosed in a US Securities and Exchange Commission filing.
Although Evolve has since contained the breach, data belonging to users of the Affirm Card, Affirm’s debit card offering, was leaked because Evolve facilitates these cards. Affirm confirmed in its filing that the “personal information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident.”
Affirm is still investigating the extent of the breach but assured that its IT systems were not infiltrated. Despite the breach, Affirm’s debit cards remain active, and the company is enhancing its fraud monitoring efforts to protect its customers. Evolve did not pay Lockbit’s ransom, resulting in the public release of the encrypted data. Evolve stated, however, that its backups will minimize data loss and operational impact despite the attack.
Evolve assured its customers that Lockbit did not access any customer funds. However, the ransomware group downloaded customer information in February and May. Previously, Lockbit had incorrectly claimed that the breach involved the US Federal Reserve.
Federal and international law enforcement agencies have been working to shut down Lockbit for years. So far, six alleged members of the ransomware group, including a senior leader, have been charged. Despite authorities infiltrating Lockbit’s systems in February, the group continues its activities, spinning up new servers, leaking details of previous attacks, and conducting new ones. Last month, the FBI announced that it had obtained over 7,000 Lockbit decryption keys and is working to assist those affected by the ransomware.