When the Bank Gets Hacked

Before you point your finger at someone for backdooring your deals, consider another possibility, that some technology in the deal flow chain could be compromised, whether it’s yours, theirs, or some backend that nobody suspects could be hacked. One such modern example is Evolve Bank and Trust, which had 33 terabytes of data stolen and then leaked on the internet.

Evolve is big in the fintech world to the point where Fintech reporter Jason Mikula determined that customers at more than a dozen onboarded fintechs also had their info stolen, including at Yotta, Copper, Yieldstreet, Juno, Dave, BrightSide, SoLo Funds, ChangEd, Mercury, MainVest, Fund That Flip, Nomad, Bitfinex, Rho, and more. Other firms like Mercury, Bilt, Affirm, and Wise notified its users that their info may have also been breached in connection with the hack.

Via Mikula’s Fintech Business Weekly:

“Info security professionals who have accessed and begun examining the data in order to take necessary steps to mitigate risk have suggested that Evolve’s Azure tenant was compromised, allowing the hackers to make copies of most or all of the bank’s virtual machines, including those running its website, SFTP, SQL server, as well as information from its core banking system, which is said to be Jack Henry’s jXchange — which potentially could include Evolve’s credentials for accessing Federal Reserve systems.”

Evolve was hit with an enforcement action by the Federal Reserve last month, before revealing that it had been hacked.

“This was a ransomware attack by the criminal organization, LockBit,” Evolve said in a statement on its website. “They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link. There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May.”

Evolve has 26 offices across 10 states, though its full service brick and mortar branches are only located in Arkansas and Tennessee.

Underwriters and brokers should be extra vigilant in verifying that apps and bank statements, particularly those that are customers of Evolve, originated from the applicant and through the means that they remembered.