Investigation Underway: Evolve Bank & Trust Data Breach

Sanford Heisler Sharp would like to speak to customers of Evolve Bank & Trust (“Evolve”), and customers of its Open Banking partners including but not limited to Affirm, Wise, and Bilt, whose banking and personal identification information (“PII”) were stolen by cybercriminals in a widespread data breach of Evolve’s IT system. Our law firm is investigating a class action lawsuit to hold Evolve liable for the data breach and its failure to take reasonable measures to protect consumers from such hacks, as required by law.

Based in Tennessee, fintech company Evolve promotes itself as a “national best in class financial services institution” that offers everything from personal checking accounts to “Open Banking” payment processing solutions, in which it partners with app-based banking platforms including Dave, Earn In, and Airwallex, among others.

In June, Evolve’s IT system was infiltrated by the Russian cybercriminal group Lockbit 3.0 when an Evolve employee inadvertently clicked on a malicious Internet link. While Evolve shut down some of its IT systems on June 24, 2024, Lockbit 3.0 was already posting data from the hack the next day, making customers’ PII available for cybercriminals to sell, buy, or exchange on the Dark Web.

The PII seized by Lockbit 3.0 in the hack includes customers’ Social Security numbers, birthdates, account information and other personal information.

Financial institutions owe a duty of care that they will use reasonable means to secure and safeguard their customers’ information, prevent its unauthorized access and disclosure, guard it from theft, and detect any attempted or actual breach of its systems.

Part of Evolve’s business model involves collecting consumers’ private information to facilitate the delivery of financial services. Evolve profits by sharing and selling this PII to third parties. In doing so, Evolve promises consumers that it will “protect personal information from unauthorized access and use” with “security measures that comply with federal law.”

Not only does Evolve appear to have failed in fulling this duty of care, it responded to the hack by offering impacted customers only two years of complimentary credit monitoring services, which falls far short of addressing the ongoing risks of identity theft facing those whose banking and PII were stolen.

Sanford Heisler Sharp, a national public interest litigation law firm, has successfully represented victims of financial and consumer fraud in class actions, securing tens of millions of dollars in settlements. Our firm successfully holds powerful institutions and companies accountable for violating the law.

If you are a victim of the Evolve data breach or had your information compromised through Affirm, Wise, or Bilt, you may have grounds for legal action. Please contact us by completing the form below.

Client Testimonials

Recognized as Law Firm of the Year