Data leak at Evolve exacerbates troubles for Synapse collaborator
=====================================================================================
Evolve Bank & Trust, a financial institution based in the United States, has confirmed a data breach involving the Russian ransomware group LockBit 3.0. The breach, which occurred in August 2025, resulted in the illegal obtaining and release of 33 terabytes of customer data on the dark web, marking one of the largest leaks to date.
The leaked information affected Evolve Bank & Trust customers, though specific details about the types of customer data exposed have not been fully disclosed. LockBit 3.0 is a well-known ransomware operation known for encrypting victims' data and then exfiltrating it to extort payment, often releasing sensitive data publicly if demands are not met.
Following the breach, Evolve Bank & Trust has been undergoing significant organizational changes to restore trust and address regulatory challenges. Bob Hartheimer, a regulatory expert, was appointed CEO to lead recovery efforts and improve security and transparency. This leadership change reflects the bank's acknowledgment of trust and security issues, compounded by prior incidents involving fintech partnerships and regulatory enforcement actions.
Evolve is notifying its fintech partners about the breach and is hesitant to allow payments to be made to many customers until a full reconciliation of the mismatched ledgers is complete. According to CNBC, neither Evolve nor its customers received money during that span. As of April 11, a network of eight banks held $109 million in deposits for Yotta customers, but a month later, the ledger showed $1.4 million.
Evolve believes that a meticulous forensic accounting investigation will reveal that the purported funds are not in their possession, contrary to Synapse's claims. A detailed investigation of what happened to these funds or why the Synapse-provided ledger reflected money movement that did not actually occur must be undertaken.
In response to the breach, Evolve is offering complimentary credit monitoring services with identity theft monitoring to affected customers. The bank is also communicating with law enforcement to help with an investigation of the matter. Evolve advises customers to remain vigilant and monitor any suspicious account activity over the next 12 to 24 months.
Financial institutions like Evolve now face average costs of over $6 million per breach, with ransomware attacks being a top threat driving this trend in 2025. The Evolve breach exemplifies these broader challenges in the sector.
It is important to note that the types of compromised data may have included full name, account number, email address, mailing address, phone number, Social Security number, and date of birth. Evolve received an enforcement action from the Federal Reserve over shortcomings in their anti-money laundering, risk management, and consumer compliance programs less than two weeks ago.
Chris Odinet, a professor at Texas A&M University School of Law, stated that people may take for granted that their money is safe when deposited with financial institutions, but the reality is there's a very different set of rules and protections with non-bank financial companies.
As the investigation continues, updates from Evolve Bank or law enforcement agencies may provide more specific details about the types of compromised data or legal developments in the investigation.
Read also:
- Musk threatens Apple with litigation amidst increasing conflict surrounding Altman's OpenAI endeavor
- Innovative Garments and Accessories Producing Energy: Exploring Unconventional Sources for Renewable Power
- Digital Commerce Giant Clips Unveils Its Latest Offering, Clip Ultra, Fortifying Its Dominance in Mexico's Market
- Tesla-powered homes in Houston cause buying rush among interested buyers
