Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/evolvebankandtrustmassivedatabreach.php}} {{Unattributed Sources}} Evolve Bank and Trust Logo/HomepageIn late May 2024, Evolve Bank & Trust, with customers including Bitfinex, Nomad, and Copper Banking, identified some of its systems that were not working properly. While it initially appeared to be a hardware failure, they subsequently engaged cyber..."

2024-09-18T21:07:34Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/evolvebankandtrustmassivedatabreach.php}} {{Unattributed Sources}} thumb|Evolve Bank and Trust Logo/HomepageIn late May 2024, Evolve Bank & Trust, with customers including Bitfinex, Nomad, and Copper Banking, identified some of its systems that were not working properly. While it initially appeared to be a hardware failure, they subsequently engaged cyber..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/evolvebankandtrustmassivedatabreach.php}}
{{Unattributed Sources}}

[[File:Evolvebankandtrust.jpg|thumb|Evolve Bank and Trust Logo/Homepage]]In late May 2024, Evolve Bank & Trust, with customers including Bitfinex, Nomad, and Copper Banking, identified some of its systems that were not working properly. While it initially appeared to be a hardware failure, they subsequently engaged cybersecurity specialists to investigate and determined that unauthorized activity may have been the cause. They promptly initiated an incident response processes, stopped the attack within days, and have seen no new unauthorized activity since May 31, 2024. The incident was reported to law enforcement and they have offered various identity protection services to affected custoemrs.<ref name="slowmisthackedarchive-14571" /><ref name="panewslab-14576" /><ref name="protos-14577" /><ref name="getevolved-14578" /><ref name="mikulajatwitter-14579" /><ref name="fintechbusinessweeklysubstack-14580" /><ref name="protos-14581" /><ref name="mikulajatwitter-14582" /><ref name="getevolvedarchive-14583" />

== About Evolve Bank And Trust ==
"Welcome to Evolve Bank & Trust Your Financial Success. Evolved. Best-in-class financial technology solutions delivering personal and business success. Powering the future of banking."

"Founded in 1925, Evolve Bank & Trust started as a small bank helping develop farming towns in eastern Arkansas. Since that time, we have evolved into a national best-in-class financial services institution that combines the expertise of a bank and the power of technology to offer our clients unique profitable solutions. Evolve is committed to our core values of integrity, financial strength, and operational excellence in all areas of our business."

"Evolve proudly commits resources to community organizations that drive the success of our neighborhoods. To achieve this, we support initiatives and organizations connected to economic development, financial literacy, youth development, health and human services, the arts, and culture. Every year, our Evolve associates volunteer with local non-profit agencies that are serving areas with the most need."

"At Evolve Bank & Trust, we strive to create an environment where employees and customers are valued and appreciated. We are committed to maintaining a culture inclusive of different viewpoints, thoughts, opinions, and ideas where everyone is welcome, and diversity is embraced. In our world of diversity, we see strength and the individualism that each person is encouraged to contribute to the greater good. We are committed to fostering inclusion and diversity at local, regional, and even global levels, whether through work within our core teams or by way of organizations, volunteer opportunities, round-table discussions, or workshops."

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
There was unauthorized access prior to May 31st, 2024.
{| class="wikitable"
|+Key Event Timeline - Evolve Bank and Trust Massive Data Breach
!Date
!Event
!Description
|-
|May 31st, 2024
|No Further Unauthorized
|No further unauthorized activity is noted after this point.
|-
|July 1st, 2024 11:40:33 AM MDT
|Protos Article Published
|Protos publishes an article about the data breach.
|-
|July, 2024
|Update Posted
|Evolve posts an update to inform that they continue to "work around the clock to respond to the recent cybersecurity incident".
|-
|July 3rd, 2024
|Update Posted
|Evolve posts an update to inform that they expect to start individual notifications on July 8th.
|}

== Technical Details ==
"Crypto-friendly Evolve Bank and Trust has admitted that it has known about ‘unauthorized activity’ — specifically the theft of 33 terabytes of user data — for the past month despite only notifying end users about the breach last week."

== Total Amount Lost ==
"The data stolen from Evolve Bank reportedly includes personally identifiable information (PII), such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data reportedly comes from 155,586 accounts linked to firms including Bitfinex, Nomad, and Copper Banking."

No funds were lost.

== Immediate Reactions ==
"On July 1, according to Protos, the crypto-friendly bank Evolve Bank & Trust recently admitted that despite discovering "unauthorized activity"—specifically, the theft of 33 TB of user data—a month ago, they only publicly disclosed the incident last week. Reportedly, the stolen data pertains to 155,586 accounts associated with companies like Bitfinex, Nomad, and Copper. The bank stated that the data breach was due to an employee clicking on a malicious link and that the attack was halted within a few days, with no further unauthorized activity detected."

== Ultimate Outcome ==
"Evolve is on schedule to commence individual notifications starting July 8, 2024. These notifications will include an offer of two years of comprehensive credit monitoring and identity protection services for U.S. residents, while international residents will be offered dark web monitoring services where available. Additionally, the notices will provide detailed information on these services, along with instructions for registration and contact details for our dedicated call center, established to assist with enrollment and address any inquiries related to the incident.

Our initial round of notifications is expected to be completed over approximately two weeks. As previously mentioned, our investigation is ongoing, and we anticipate subsequent, smaller rounds of notifications.

We appreciate your ongoing patience throughout this process and regret any inconvenience caused by this incident."

== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="slowmisthackedarchive-14571">[https://web.archive.org/web/20240705195425/https://hacked.slowmist.io/ SlowMist Hacked - SlowMist Zone] (Accessed Jul 5, 2024)</ref>

<ref name="panewslab-14576">[https://www.panewslab.com/zh/sqarticledetails/c6293xv8.html 外媒：Evolve Bank在攻击事件中泄露了Bitfinex、Copper、Nomad用户的个人数据 - PANews] (Accessed Jul 5, 2024)</ref>

<ref name="protos-14577">[https://protos.com/evolve-bank-leak-has-personal-data-of-bitfinex-copper-banking-nomad-users/ Evolve Bank leak has personal data of Bitfinex, Copper Banking, Nomad users] (Accessed Jul 5, 2024)</ref>

<ref name="getevolved-14578">[https://www.getevolved.com/about/news/cybersecurity-incident/ Cybersecurity Incident | Evolve Bank & Trust] (Accessed Jul 5, 2024)</ref>

<ref name="mikulajatwitter-14579">[https://twitter.com/mikulaja/status/1807746666159608280 @mikulaja Twitter] (Accessed Jul 5, 2024)</ref>

<ref name="fintechbusinessweeklysubstack-14580">[https://fintechbusinessweekly.substack.com/p/evolve-hack-crisis-russia-linked Evolve Hack Crisis: Russia-Linked Cybergang Leaks Records On Millions] (Accessed Jul 5, 2024)</ref>

<ref name="protos-14581">[https://protos.com/customer-data-from-crypto-friendly-evolve-bank-leaked-by-lockbit/ Customer data from crypto-friendly Evolve Bank leaked by Lockbit] (Accessed Jul 5, 2024)</ref>

<ref name="mikulajatwitter-14582">[https://twitter.com/mikulaja/status/1807463616523768276 @mikulaja Twitter] (Accessed Jul 5, 2024)</ref>

<ref name="getevolvedarchive-14583">[https://web.archive.org/web/20240626174030/https://www.getevolved.com/about/news/cybersecurity-incident/ Cybersecurity Incident | Evolve Bank & Trust] (Accessed Jul 5, 2024)</ref></references>

Evolve Bank and Trust Massive Data Breach - Revision history