Three executives from Evolve, a crypto-friendly bank that suffered a data leak affecting at least 7.6 million customers, have all reportedly left their jobs.

According to financial journalist Jason Mikula, the bank’s chief credit officer, corporate controller, and chief lending officer-open banking have left their roles. 

Evolve was hacked by the Russia-based ransomware group Lockbit in May with a whopping 33 terabytes of user data leaked the following month. This data belonged to customers from Bitfinex, Nomad, and Copper Banking. 

Data included personal information such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. 

Evolve has reportedly been pausing certain wire transfers over $3,000. In these cases, a so-called ‘travel rule’ kicks in that requires the collection of additional data.  

There may be more shoes yet to drop

Mikula told Protos, “Evolve is facing enormous challenges on multiple fronts right now, and I suspect there may be more shoes yet to drop.

“Retaining and attracting talent can become a major challenge for troubled institutions like Evolve. The work of remediating a consent order — to say nothing of the Russia-linked ransomware attack or Synapse bankruptcy — can be time-consuming, tedious, and often thankless.” 

Read more: Federal Reserve issues enforcement action against Evolve Bank

Evolve Bank and Trust and ​​Evolve Bancorp were issued the consent order in June. It claimed the bank had “deficiencies in its anti-money laundering, risk management, and consumer compliance programs.”

Mikula said, “Experienced, skilled executives with other options don’t always want to stick around for that, while less-skilled or motivated employees may be more likely to.” 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Three execs from ‘troubled’ Evolve Bank have left their jobs appeared first on Protos.

Crypto-friendly Evolve Bank and Trust has admitted that it has known about ‘unauthorized activity’ — specifically the theft of 33 terabytes of user data — for the past month despite only notifying end users about the breach last week.

The data leak, which has been attributed to infamous Russia-based ransomware group Lockbit, reportedly includes personal details belonging to Bitfinex users.

Evolve said on Monday that in late May, some of its systems stopped working properly due to ‘unauthorized activity’ that appears to stem from an employee accidentally clicking on a malicious link. 

The bank claims it stopped the attack ‘within days’ and hasn’t seen any more unauthorized activity since May 31. It also didn’t pay the ransom demand and says Lockbit mistakenly attributed the data to the Federal Reserve. 

Despite this activity, as reported by Fintech Business Weekly (FBW) reporter Jason Mikula, “It appears [Evolve Bank] didn’t notify impacted fintechs (or end users) until the breach became public last week.”

Bitfinex accounts included in Evolve leak

The data stolen from Evolve Bank reportedly includes personally identifiable information (PII), such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data reportedly comes from 155,586 accounts linked to firms including Bitfinex, Nomad, and Copper Banking. 

An industry source told FBW, “I can’t think of a data breach with this much PII and consumer and commercial financial data…. that then is publicly available…. Ever.”

Read more: Crypto ransom group LockBit leaks stolen pharmacy staff data

Mikula has since received a cease and desist email from Evolve. He said, “If people misunderstood my posts to mean that I would share sensitive PII in my reporting, please know that was never my intent.”

One anonymous source claiming to be an exec impacted by the Evolve hack reportedly asked Mikula for the leaked files as they hadn’t “gotten confirmation from Evolve.”

Today’s announcement was updated from a June 26 version which omitted disclosure of May’s ‘unauthorized activity.’

Update July 2, 09:51 UTC: Changed the headline and body to clarify it was Copper Banking included in the leaked Lockbit documents. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Evolve Bank leak has personal data of Bitfinex, Copper Banking, Nomad users appeared first on Protos.

Crypto ransomware group Lockbit leaked 33 terabytes of Evolve Bank and Trust data yesterday despite initially threatening to release data from the Federal Reserve ‘containing Americans’ banking secrets.’

As part of the leak, Lockbit shared a link to a press release detailing the Federal Reserve’s enforcement action against Evolve Bank. Evolve Bank and Trust agreed to a cease-and-desist order in June after the Federal Reserve “found that Evolve engaged in unsafe and unsound banking practices,” in relation to its fintech partnerships.

Lockbit is also reported to have leaked parent directories, torrents, and compressed archive files from Evolve Bank and Trust.

According to Fintech Business Weekly reporter Jason Mikula, industry sources say the situation is “as bad as it gets,” as documents containing “end user PII, including SSNs, card PANs, wires, and settlement files,” have been leaked. 

LockBit listed the ransom demand for an undisclosed sum on Sunday where it claimed negotiations had failed. It said, “You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”

Evolve told its clients in an email, “We acknowledge these reports and are actively investigating the situation.”

“The Evolve team, in collaboration with law enforcement and government agencies, is monitoring and addressing this matter with the utmost diligence and transparency,” it added. 

Read more: Federal Reserve issues enforcement action against Evolve Bank

Evolve Bank and Trust facilitated customer accounts for the fintech middleman firm Synpase which declared bankruptcy in April.

Following Synapse’s collapse there’s a reported disappearance of $109 million in customer deposits that was held by several banks, including Evolve, for fintech firm Yotta. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Customer data from crypto-friendly Evolve Bank leaked by Lockbit appeared first on Protos.

Crypto-ransomware group LockBit has leaked the data it stole from Canadian pharmacy chain London Drugs after the firm refused to pay a $25 million ransom.

Dozens of folders containing data on hundreds of employees, including payrolls, electronic signatures, resignation letters, medical data, and performance assessments were reportedly made public. According to The Globe and Mail, there was also data on sexual harassment complaints, immigration applications, relationship disclosures, and a folder on ‘Traumatic Incidents.’

The pharmacy firm said in a statement, “London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and we are aware that some of these exfiltrated files have now been released.”

LockBit, which has historically demanded ransoms in cryptocurrency, said London Drugs was previously going to cough up $8 million. However, London Drugs said it was “unwilling and unable” to pay the ransom demand. 

LockBit targeted London Drugs on April 26, resulting in the firm having to close 79 of its branches until May 7. London Drugs claims the hack took data from its corporate head office.

On Wednesday, London Drugs told the Register that if its patient, customer, or employee databases appear comprised it would then “notify affected individuals in accordance with privacy laws.” 

London Drugs also claimed it would offer its staff two years of free identity-theft protection services and credit monitoring, “regardless of whether any of their data is ultimately found to be compromised or not.”

Read more: Another Chinese money laundering scheme tied to Deltec and Tether

Lockbit operates a ransomware-as-a-service model that extorts crypto from victims before taking a cut of the profits. Last month LockBit’s leader and his bitcoin address were outed to the world by the US alongside his fondness for Cheesecake Factory. 

Lockbit, however, refuted that its leader had been revealed. At the time the US and UK announced it had disrupted Lockbit’s infrastructure, “compromising their entire criminal enterprise.”

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Crypto ransom group LockBit leaks stolen pharmacy staff data appeared first on Protos.

The United States has revealed the supposed leader of crypto-ransomware group LockBit and is offering a $10 million bounty to anyone who can out key leaders from the hacking group. 

The US Treasury Department outed Dmitry Yuryevich Khoroshev as the primary leader of Russia-based LockBit in a sanction issued today.

According to US authorities, Khoroshev is behind the ‘LockBitSupp’ moniker and helped upgrade and manage LockBit. It also shared his Bitcoin crypto address: bc1qvhnfknw852ephxyc5hm4q520zmvf9maphetc9z.

Malware-focused account vx-underground, however, claims that LockBit issued a statement to the FBI that reads, “The FBI is bluffing, I’m not Dimon, I feel sorry for the real Dimon))) oh, and he’ll get fucked for my sins))).”

Vx-Underground additionally reports that Khoroshev’s information, including his address and food order history, was exposed, and that he has a fondness for Cheesecake Factory.

Today’s US sanction included a $10 million reward to anyone with information that may reveal the identity of LockBit’s key leaders. In addition, the government is offering $5 million to anyone with information that can lead to the arrest of anyone involved with LockBit ransomware. 

Read more: LockBit countdown disappoints viewers with vague hints and a cartoon cat

What is LockBit?

LockBit runs a ransomware-as-a-service model that generates funds by licensing its ransomware tools to fellow cybercriminals while taking a cut of their exploits. 

The US states, “[LockBit] has targeted over 2,500 victims worldwide and is alleged to have received more than $500 million in ransom payments,” while attacking “financial services, food and agriculture, education, emergency services, and healthcare.” 

Last February, 200 crypto addresses linked to LockBit were frozen, and its site was seized by authorities, including the FBI, Europol, and the UK National Crime Agency.  

In the same month, authorities teased the announcement of LockBit’s leader and left users a little underwhelmed when its announcement revealed little more than a cartoon cat and the car he drove.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post US sanctions Russian ransomware leader, offers $10M reward appeared first on Protos.

A police countdown promising to reveal the identity of the kingpin behind the crypto-ransomware group LockBit left spectators disappointed after it revealed only a handful of vague clues and a cartoon picture of a cat.

Police seized the LockBit website this week before beginning the online countdown that it was claimed would eventually answer the ‘$10 million question,’ who is LockBitSupp? This is the online nickname for LockBit’s leader. 

However, anybody hoping for some grand reveal will likely have been left massively underwhelmed when, after a slight delay, authorities posted, “We know who he is. We know where he lives. We know how much he is worth. LockBitSupp has engaged with Law Enforcement :).”

Alongside the cartoon cat, police also posted a series of not-particularly-enlightening hints, namely that LockbitSupp doesn’t live in the US or the Netherlands, and that he drives a Mercedes.

Read more: Finnish police can’t find suspected bitcoin blackmailer they just released

LockBit operates a ransomware-as-a-service that encrypts the data of its victims before demanding a crypto ransom for its release. This week 200 crypto addresses linked to LockBit were frozen and their site seized by authorities, including the FBI, Europol, and the UK National Crime Agency.  

According to malware-focused X (formerly Twitter) account vx-underground, LockBit is reportedly preparing a “formal reply to law enforcement once they’re finished restoring their infrastructure.” Vx-underground also claims that affiliates of LockBit have continued to deploy their ransomware operations.

LockBit reveal was an anticlimax

Understandably, today’s reveal didn’t live up to everyone’s standards, with many spectators led to believe that the countdown would reveal the definite identity of LockBitSupp. As Joe Tidy, the BBC’s cyber crime reporter put it, “That was a bit (a lot) of an anticlimax.” 

He posted, “Police teased all week that they would release the identity of LockBit’s head honcho today. 31,000 people visited the darknet page with a countdown timer to be met with…. a cat cartoon…”

Other users said, “They had us waiting all that time for this? I expected something juicy,” while another complained, “Great, any non-us non-neather [sic] citizen [sic] that drives a Mercedes is a target .”

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post LockBit countdown disappoints viewers with vague hints and a cartoon cat appeared first on Protos.