Evolve Bank leak has personal data of Bitfinex, Copper, Nomad users

  protos.com 5 h

Crypto-friendly Evolve Bank and Trust has admitted that it has known about ‘unauthorized activity’ — specifically the theft of 33 terabytes of user data — for the past month despite only notifying end users about the breach last week.

The data leak, which has been attributed to infamous Russia-based ransomware group Lockbit, reportedly includes personal details belonging to Bitfinex users.

Evolve said on Monday that in late May, some of its systems stopped working properly due to ‘unauthorized activity’ that appears to stem from an employee accidentally clicking on a malicious link.

The bank claims it stopped the attack ‘within days’ and hasn’t seen any more unauthorized activity since May 31. It also didn’t pay the ransom demand and says Lockbit mistakenly attributed the data to the Federal Reserve.

Despite this activity, as reported by Fintech Business Weekly (FBW) reporter Jason Mikula, “It appears [Evolve Bank] didn’t notify impacted fintechs (or end users) until the breach became public last week.”

Bitfinex accounts included in Evolve leak

The data stolen from Evolve Bank reportedly includes personally identifiable information (PII), such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data reportedly comes from 155,586 accounts linked to firms including Bitfinex, Nomad, and Copper.

An industry source told FBW, “I can’t think of a data breach with this much PII and consumer and commercial financial data…. that then is publicly available…. Ever.”