Evolve Bank & Trust has sent notification to more than 7.6 million individuals that their personal information was compromised in a recent LockBit ransomware attack.
The Arkansas-based financial services organization confirmed the incident on July 1shortly after the ransomware gang published data allegedly stolen during the attack. The company noted that no ransom demand was paid, which led to the stolen data being leaked online.
Evolve Bank also said that the attackers exfiltrated personal information such as names, Social Security numbers, bank account numbers, and contact information for most of its personal banking customers and for customers of its Open Banking partners.
On Monday, the financial institution informed the Maine Attorney General’s Office that the personal information of 7,640,112 individuals had been compromised in the attack, and that it would provide them with 24 months of free credit monitoring and identity protection services.
Also on Monday, Evolve Bank started sending out written notifications to the impacted individuals, explaining that the ransomware attack occurred on May 29 and that the attackers had access to its network since at least February.
Evolve also informed the potentially impacted individuals, which include some of its employees, that it has found no evidence that customer funds were accessed during the attack. The financial institution also said that it has identified no new unauthorized activity on its network since May 31.
LockBit’s ransomware operation was disrupted by law enforcement in February 2024, but the group managed to recover and became the most active ransomware gang in May, in terms of volume.