Evolve Bank and Trust recently announced a significant data breach. The bank reported that at the end of May, 33 terabytes of user data were stolen due to an employee clicking on a malicious link. The breach includes information from users of major crypto companies such as Bitfinex, Nomad, and Copper Banking.
How Did the Breach Start?
The incident began in late May when an Evolve Bank employee accidentally clicked on a malicious link. This click caused some systems in the bank to malfunction. The bank claims it managed to stop the attack within a few days and has not observed any unauthorized activity since May 31.
Although Evolve Bank acted quickly to contain the breach, it delayed in informing the affected fintech companies or end-users. This delay in notification led to comments about the bank’s lack of transparency. Allegedly, Evolve Bank only admitted to the unauthorized activity when news reports surfaced.
Stolen Data Highlights the Issue’s Severity
The stolen data includes personal information such as names, addresses, social security numbers, tax identification numbers, dates of birth, account balances, and email addresses. These data are linked to 155,586 accounts associated with firms like Bitfinex, Nomad, and Copper Banking. The exposure of such a vast amount of personal and financial data inevitably raises concerns.
Jason Mikula, who reported on the breach, stated that he received an email from Evolve Bank requesting him not to publish such news. Mikula explained that his intention was not to share sensitive data but to inform the public without jeopardizing the safety of affected individuals.
In response to the breach, an anonymous executive affected by the Evolve hack contacted Mikula and requested access to the leaked files. This situation illustrates the frustration and uncertainty experienced by those affected by the breach. Evolve Bank updated its June 26 announcement to address the unauthorized activity that occurred in May. This revision demonstrated the bank’s effort to manage the damages from the breach while addressing the concerns of its users and the broader fintech community.
We also wanted to pass on information to our readers regarding the issue. Jill Shaughnessy, a public relations representative of Copper.co, reached out to us, stating that Copper Banking is a different company. In our report, Copper Banking and Copper.co are different entities. Shaughnessy’s statement included the following:
Evolve Bank processes no Copper data, and as a result, no Copper data could potentially be affected by Evolve Bank’s system breach.
