LockBit’s latest attack shows why fintech needs more zero trust

by | Jul 8, 2024 | Technology

We want to hear from you! Take our quick AI survey and share your insights on the current state of AI, how you’re implementing it, and what you expect to see in the future. Learn More

Claiming to have breached the U.S. Treasury and instead releasing 33 terabytes of data on the dark web exfiltrated from banking and fintech provider Evolve, LockBit’s latest breach shows how vulnerable fintech is to cyberattacks. Evolve announced the breach on June 26, posting a notice on their site, saying the breach included personally identifiable information (PII), including customer names, Social Security numbers, dates of birth and account information, which has severe implications for the affected individuals and companies​​​​.

Evolve began notifying affected parties on July 8. The fintech provider and financial services organization traced the attack to a phishing email in which an employee inadvertently clicked on a malicious internet link.

“We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank,” Evolve said in a recent update shared on their site.

The attack immediately sent shockwaves through the fintech startup community and its major backers. Affirm, Airwallex, Alloy, Bond (now part of FIS), Branch, Dave, EarnIn, Marqeta, Mastercard, Melio, Mercury, PrizePool, Step, Stripe, TabaPay and Visa are all Evolve customers.

Countdown to VB Transform 2024

Join enterprise leaders in San Francisco from July 9 to 11 for our flagship AI event. Connect with peers, explore the opportunities and challenges of Generative AI, and learn how to integrate AI applications into your industry. Register Now

Affirm alerted their Affirm credit card customers via X (formerly Twi …

Article Attribution | Read More at Article Source

[mwai_chat context=”Let’s have a discussion about this article:nn
We want to hear from you! Take our quick AI survey and share your insights on the current state of AI, how you’re implementing it, and what you expect to see in the future. Learn More

Claiming to have breached the U.S. Treasury and instead releasing 33 terabytes of data on the dark web exfiltrated from banking and fintech provider Evolve, LockBit’s latest breach shows how vulnerable fintech is to cyberattacks. Evolve announced the breach on June 26, posting a notice on their site, saying the breach included personally identifiable information (PII), including customer names, Social Security numbers, dates of birth and account information, which has severe implications for the affected individuals and companies​​​​.

Evolve began notifying affected parties on July 8. The fintech provider and financial services organization traced the attack to a phishing email in which an employee inadvertently clicked on a malicious internet link.

“We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank,” Evolve said in a recent update shared on their site.

The attack immediately sent shockwaves through the fintech startup community and its major backers. Affirm, Airwallex, Alloy, Bond (now part of FIS), Branch, Dave, EarnIn, Marqeta, Mastercard, Melio, Mercury, PrizePool, Step, Stripe, TabaPay and Visa are all Evolve customers.

Countdown to VB Transform 2024

Join enterprise leaders in San Francisco from July 9 to 11 for our flagship AI event. Connect with peers, explore the opportunities and challenges of Generative AI, and learn how to integrate AI applications into your industry. Register Now

Affirm alerted their Affirm credit card customers via X (formerly Twi …nnDiscussion:nn” ai_name=”RocketNews AI: ” start_sentence=”Can I tell you more about this article?” text_input_placeholder=”Type ‘Yes'”]

Share This