Data breach exposes pitfalls of customer identification regulations

One of the most significant bank hacks in recent years has just been made public. On its website two weeks ago, Arkansas-based Evolve Bank and Trust notified customers that an unspecified amount of customer information had been stolen in a “cybersecurity incident” involving the Russian ransomware group LockBit.

The hacker group, which has been the target of international law enforcement actions for many years, initially claimed that the hack was aimed at the Federal Reserve Board, which attracted attention in some quarters on Wall Street.

Instead, as the group’s darknet website reveals, the cache of stolen records purportedly relates to clients of Evolve Bank and Trust, as well as clients of partner fintech companies. Reportedly, this includes customers’ names, Social Security numbers, dates of birth, and scans of their driver’s licenses or IDs.

The full extent of the hack and leak is unclear, but the bank’s unique position as a bridge between traditional finance and emerging fintech companies and neobanks points to a much more dire situation than many would like to admit.

Many major financial services companies, including big names such as Wise, Mercury, Stripe and Affirm, are already communicating to customers that some of their data may have been included in the hack. I personally received several of these emails from other accounts.

This is linked to the imminent bankruptcy of its affiliated banking provider, Synapse, which acted as an intermediary in the relationship between fintech companies and traditional banks like Evolve. Sens. Sherrod Brown (D-Ohio), Ron Wyden (D-Oregon), Tammy Baldwin (D-Wis.), and John Fetterman (D-Pennsylvania) sent a letter to the company on July 1, demanding compensation for its customers. The letter also included Synapse’s major partner, Evolve Bank. The alleged hacking incident will only make things worse.

What makes this alleged Evolve hack so devastating is twofold.

First, the size and scope of the companies involved. The list of Evolve’s fintech partners that use its banking license to issue financial accounts includes some of the nation’s largest institutions, serving hundreds of millions of Americans. The true number of people affected won’t be known until the companies disclose whose data was breached.

Second, federal law required these companies to collect sensitive personal and private data from their customers and provide it to Evolve. Whether it’s the Bank Secrecy Act, the Patriot Act, the FDIC Customer Identification Program, the Dodd-Frank Act, or the recently passed Corporate Transparency Act, the federal government requires banks and financial institutions to collect and retain vast amounts of information and data on their customers in order to track crime.

To comply with the numerous know-your-customer and anti-money laundering laws imposed on them by the government, financial institutions must collect, store and report to the Treasury Department their customers’ names, addresses, Social Security numbers and ID scans. Now, this information may be in the possession of nefarious Russian hacking groups.

If criminals were to cross-reference this information with recent online breaches, the scale of potential identity theft would be even greater.

Some users have already reported phishing scams made possible by information from the hack, with more information likely to become available soon.

Jason Mikula, a writer for FinTech Substack, was one of the few journalists to report on the breach from its inception. Evolve Bank contacted him with an injunction last week, warning that legal action would be taken against anyone who leaked information about the hack.

Beyond concerns about an industry-wide collapse surrounding fintech, this episode should serve as a cautionary tale for those who push for excessive know-your-customer and anti-money laundering laws for services that consumers use every day.

As previously reported by Return, a bill pending in the US Senate would further crack down on bitcoin and cryptocurrency exchanges, requiring them to provide more personal information and limiting the amount customers can withdraw without being deemed “suspicious.”

While efforts to enact national privacy legislation are laudable, Congress and the Federal Trade Commission are too focused on the specific business models of various online companies, rather than on creating legally enforceable penalties for hacks that compromise our personal information and put us at risk of identity theft.

“Rather than introducing further restrictions and requirements on companies to collect information to fight crime, we should be asking whether our existing laws are putting us at further risk. Common-sense rules that promote encryption, punish bad actors, and minimize data collection would go a long way to protecting consumers from future harm.”
