Evolve Bank leak has personal data of Bitfinex, Copper Banking, Nomad users

, ,
by Protos Staff

Crypto-friendly Evolve Bank and Trust has admitted that it has known about ‘unauthorized activity’ — specifically the theft of 33 terabytes of user data — for the past month despite only notifying end users about the breach last week.

The data leak, which has been attributed to infamous Russia-based ransomware group Lockbit, reportedly includes personal details belonging to Bitfinex users.

Evolve said on Monday that in late May, some of its systems stopped working properly due to ‘unauthorized activity’ that appears to stem from an employee accidentally clicking on a malicious link

The bank claims it stopped the attack ‘within days’ and hasn’t seen any more unauthorized activity since May 31. It also didn’t pay the ransom demand and says Lockbit mistakenly attributed the data to the Federal Reserve. 

Despite this activity, as reported by Fintech Business Weekly (FBW) reporter Jason Mikula, “It appears [Evolve Bank] didn’t notify impacted fintechs (or end users) until the breach became public last week.”

Bitfinex accounts included in Evolve leak

The data stolen from Evolve Bank reportedly includes personally identifiable information (PII), such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data reportedly comes from 155,586 accounts linked to firms including Bitfinex, Nomad, and Copper Banking

An industry source told FBW, “I can’t think of a data breach with this much PII and consumer and commercial financial data…. that then is publicly available…. Ever.”

Customer data from crypto-friendly Evolve Bank leaked by Lockbit

Read more: Crypto ransom group LockBit leaks stolen pharmacy staff data

Mikula has since received a cease and desist email from Evolve. He said, “If people misunderstood my posts to mean that I would share sensitive PII in my reporting, please know that was never my intent.”

One anonymous source claiming to be an exec impacted by the Evolve hack reportedly asked Mikula for the leaked files as they hadn’t “gotten confirmation from Evolve.”

Today’s announcement was updated from a June 26 version which omitted disclosure of May’s ‘unauthorized activity.’

Update July 2, 09:51 UTC: Changed the headline and body to clarify it was Copper Banking included in the leaked Lockbit documents. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.