LockBit exfiltrated 33 terabytes of data from Evolve, including personally identifiable information (PII) such as customer names, Social Security numbers, dates of birth, and account information. The breach affected not only Evolve customers but also those of its partners, as Evolve provides banking products and services to a broad base of customers through its partnerships with fintech providers.
Evolve traced the breach's origin to a phishing email in which an employee inadvertently clicked on a malicious internet link.
LockBit incorrectly attributed the data source to the Federal Reserve Bank, when in reality, the data was exfiltrated from banking and fintech provider Evolve.