After claiming it had data stolen from the Federal Reserve, ransomware group LockBit released records on Tuesday belonging to Evolve Bank & Trust, which confirmed it had been the victim of a cyberattack.
On Sunday, the threat actor had initially said on its victim-shaming blog that it had stolen data from the Fed, which did not publicly comment on the matter before Tuesday evening, when LockBit published the data it had actually stolen.
Once the data was published, it became clear that it belonged not to the Fed but to Evolve. There is no evidence that LockBit stole the Evolve data from the Fed.
Criminal groups can mix stolen data with fabricated or previously published personal records in an attempt to bluff about the true impact of a cybersecurity incident. So, while LockBit published some data belonging to Evolve on Tuesday, the actual number of Evolve customers affected remains unclear.
A spokesperson for Evolve said the bank is “currently investigating a cybersecurity incident involving a known cybercriminal organization” while also saying the incident “has been contained, and there is no ongoing threat.”
The bank did not provide specifics about the number of customers affected, nor what data exactly was compromised. The spokesperson said that impacted customers will receive new account numbers “if warranted.”
“We take this matter extremely seriously and are working tirelessly to address the situation,” the spokesperson said. “Evolve has engaged the appropriate law enforcement authorities to aid in our investigation and response efforts.”
Evolve will offer all impacted customers complimentary credit monitoring with identity theft protection services, the spokesperson said, adding that affected customers “will be contacted directly” with instructions on how to enroll in these protective measures.
One of the items that LockBit posted Tuesday evening, supposedly linking the data to the Fed, was a
Synapse abruptly shut down and filed for bankruptcy protection in April, freezing numerous transactions and leaving $85 million of customer deposits unaccounted for, according to the firm’s Chapter 11 bankruptcy proceedings. Regarding the enforcement action against the bank, an Evolve spokesperson downplayed the connection to the Synapse collapse. “This order, which stemmed from a routine regulatory review in 2023 and is similar to orders received by others in the industry, does not affect our existing business, customers, or deposits,” the spokesperson said at the time. “Evolve remains well-capitalized and continues to show strong growth across all business lines.”
Prior to LockBit publishing the data it stole from Evolve, many cybersecurity experts correctly anticipated that LockBit was lying and pointed out that the group has made disputed claims before.
In February, following a cybersecurity incident that disrupted county government phone lines and left clerks unable to issue vehicle registrations and marriage licenses, the group threatened to publish data it stole from Fulton County, Georgia, including records related to the pending criminal case against former President Donald Trump.
The ransom payment deadline passed, and