A data breach at Evolve Bank and Trust has impacted Bitfinex and other platforms, exposing sensitive personal information.
The bank officially acknowledged the incident, which involved the theft of 33 terabytes of user data.
Treasury of personal informations
Evolve Bank, known for being crypto-friendly, experienced a huge data breach, and while they said customer funds remain safe, the bank admitted that hackers likely accessed sensitive customer information stored in their databases.
The cyberattack has been linked to the Russian ransomware group Lockbit, and it’s very likely that personal data of Bitfinex users was among the stolen information.
The stolen data reportedly includes personally identifiable information (PII) such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses.
This breach has affected over 155,000 accounts associated with various companies, including Bitfinex, Nomad, and Copper Banking.
Access for days
In an update, Evolve Bank shared that some of its systems malfunctioned due to unauthorized activity in late May, caused by an employee clicking a malicious link.
The bank stated that it halted the attack within days and didn’t experience any unauthorized activity since May 31.
Evolve Bank revealed that while some data was encrypted by the attackers, they managed to limit the loss and operational impact due to available backups.
The bank refused to pay the ransom and claimed that Lockbit mistakenly linked the data to the Federal Reserve.
KYC is the illicit activity?
Evolve’s investigation is still ongoing, but it appears that names, Social Security numbers, bank account numbers, and contact information of personal banking customers and those of Open Banking partners were affected.
The bank also learned that personal information of its employees was likely impacted.
There are lot of criticism about how the collecting of personal information, and storing it poorly acting as a security risk, caused by the companies and regulating authorities. Many experts think KYC doing more harm than good.
Following the breach, several fintech companies that work with Evolve Bank have warned their customers about the potential data compromise.
According to Fintech Business Weekly reporter Jason Mikula, Evolve delayed notifying the affected fintech companies and end users until the breach became publicly known last week.
