Days after claiming responsibility for hacking the US Federal Reserve, the Russia-linked LockBit ransomware gang has released stolen customer data from Evolve Bank & Trust on the dark web.
In a statement, Evolve confirmed it is investigating a cyber-attack, stating that “bad actors” have posted illegally obtained data online. LockBit published a collection of files across 21 separate links on the dark web after Evolve did not comply with its ransom demands.
Just prior to this, the gang alleged that it had stolen 33 terabytes of sensitive banking information from the Federal Reserve. Although they did not release the data or provide proof of the breach, they threatened the Fed, saying, “You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”
For Evolve, this hack follows a regulatory order to enhance its risk management and obtain approval for any new partnerships. The bank has previously partnered with fintech firms, including the BaaS platform Synapse, which collapsed earlier this year. This left many partners in a lurch and led to disputes over the management of client funds.
Both the Federal Reserve and the Arkansas State Bank Department have identified shortcomings in Evolve’s oversight of its fintech partnerships and compliance with anti-money laundering requirements.