Update 3/30/26: Payments have started hitting accounts for ~$28. Hat tip to the reader Dave
Update 7/18/25: There is now a class solution with an estimated flat fee of $20. Solution link (ht Bockrr and acid bath)
Original post 7/1/24:
Evolve Bank & Trust (the financial institution used by many fintech startups) has announced that it has suffered a data breach. The systems were compromised in late May 2024, and Evolve Bank & Trust states that there has been no new unauthorized activity since May 31, 2024. They also say that current evidence shows the following:
- This was a ransomware attack by the criminal organization, LockBit.
- They appear to have gained access to our systems when an employee inadvertently clicked on a malicious Internet link.
- There is no evidence that the criminals accessed customer funds, but it appears that they accessed and downloaded customer information from our databases and a file share during the periods in February and May.
- The threat actor also encrypted some data within our environment. However, we have backups available and have experienced limited data loss and impact on our operations.
- We refused to pay the ransom demanded by the threat actor. As a result, they revealed the data they had downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank.
Unfortunately, since they provide a lot of behind-the-scenes work for other financial companies, it is difficult to sort out all the customers who were affected. Here is a partial list (sorry for any inaccuracies): Wise, Juno, Affirm, Airwallex, Alloy, Bond, Branch, Dave, EarnIn, Marqeta, Melio, Mercury, PrizePool, Step, Stripe, TabaPay, Bilt.
