LockBit’s Fintech Breach Exposes Vulnerabilities in the Industry

LockBit’s recent breach of Evolve, a banking and fintech provider, highlights the vulnerability of the fintech industry to cyberattacks. The breach resulted in the release of 33 terabytes of data on the dark web, including personally identifiable information (PII) of customers such as names, Social Security numbers, and account information. This breach has severe implications for affected individuals and companies. Evolve traced the attack back to a phishing email in which an employee clicked on a malicious link.

The attack sent shockwaves through the fintech startup community and its major backers, with companies like Affirm, Airwallex, and Stripe being among Evolve’s customers. Affirm promptly alerted its credit card customers about the incident and offered support in case of fraudulent transactions. Additionally, Mercury reported that the breach affected account numbers, deposit balances, and business owner names, causing significant disruptions to their operations and customer trust. The breach also led to a temporary suspension of Evolve’s online banking services, further inconveniencing customers.

Interestingly, the Federal Reserve had expressed concerns about the risks associated with fintech partnerships just two weeks before the breach occurred. Examinations conducted in 2023 revealed that Evolve had engaged in unsafe and unsound banking practices by not implementing an effective risk management framework for their fintech partnerships. The Federal Reserve’s enforcement action required Evolve to strengthen its risk management practices to address potential compliance and fraud risks.

LockBit, the ransomware group responsible for the breach, follows a Ransomware-as-a-Service (RaaS) business model. Their goal is to create chaos across supply chains, which increases their street credibility among affiliates and potential recruits. Despite previous disruptions to LockBit’s operations by law enforcement agencies through Operation Cronos, they have continued to carry out cyberattacks. Jon Miller, CEO of Halcyon, warns against speculation about LockBit’s attacks until concrete evidence is available.

Victims who pay the ransom often find themselves paying additional extortion fees, with attackers sharing or selling their information on the dark web. This highlights the importance of having a strong zero trust framework in place. Fintech companies need CISOs (Chief Information Security Officers) on their boards who can provide insights and guide strategy to enhance cybersecurity. These CISOs can eliminate trust from tech stacks, monitor and scan network traffic, rely on microsegmentation, conduct access privilege audits, and enforce multi-factor authentication.

In conclusion, the breach at Evolve Bank underscores the cybersecurity problem faced by the fintech industry. The incident emphasizes the need for a greater focus on zero trust principles and robust cybersecurity measures. CISOs play a vital role in ensuring the resilience and security of fintech companies. As Merritt Baer, CISO at Reco, warns, “security never takes a holiday,” and it is crucial to remain vigilant to protect against future cyber threats.