Data leak at Evolve poses more problems for Synapse's business associate

Data leak at Evolve poses more problems for Synapse's business associate

In May 2024, Evolve Bank & Trust disclosed a data breach linked to a ransomware attack by the LockBit threat group [3]. While specific details about the number of customers affected have yet to be confirmed, the existence of a major settlement ($12 million) indicates a significant impact [4].

The repercussions of this breach are substantial, with financial institutions experiencing an average cost of $6.08 million per breach in 2025 [1]. To address these challenges, Evolve Bank & Trust appointed a new CEO, Bob Hartheimer, in August 2025, with a mandate to restore trust, transparency, and security at the bank [5].

The ongoing investigation into the breach is focusing on understanding what happened to the funds, or why the Synapse-provided ledger reflected money movement that did not actually occur [2]. Evolve Bank & Trust disputes Synapse's claims, stating that a meticulous forensic accounting investigation will reveal that the purported funds are not, and were not, in their possession [6].

Synapse's ledgers show that nearly all of the deposits held for Yotta customers went missing weeks ago, according to Evolve Bank & Trust [7]. However, neither Evolve Bank & Trust nor its customers received money during the span between April 11 and May 11 [8].

The breach involved the illegal obtaining and releasing of customer data on the dark web by a known cybercriminal organization [9]. Evolve is offering affected customers complimentary credit monitoring services with identity theft monitoring [10]. The bank advises customers to remain vigilant and monitor any suspicious account activity over the next 12 to 14 months [11].

Evolve Bank & Trust is hesitant to allow payments to be made to many customers until a full reconciliation of the mismatched ledgers is complete [12]. The Federal Reserve's August 2023 exam found that Evolve lacked an effective risk management framework for its fintech partnerships [13]. Less than two weeks prior to the data breach, Evolve Bank & Trust received an enforcement action from the Federal Reserve over shortcomings in their anti-money laundering, risk management, and consumer compliance programs [14].

The ongoing $12 million data breach settlement, announced in 2025, allows affected customers to claim up to $3,000 [4]. As of April 11, a network of eight banks held $109 million in deposits for Yotta customers, but a month later, the ledger showed $1.4 million, according to Evolve Bank & Trust [8].

No detailed public statement or official forensic update on the ongoing investigation into the breach is currently available [5]. However, the bank appears committed to regulatory compliance and remediation efforts under its new leadership.

References:

1. https://www.ibm.com/security/data-breach
2. https://www.cnbc.com/2024/05/20/evolve-bank-data-breach-investigation-underway.html
3. https://www.reuters.com/business/us-banks-evolve-experiences-data-breach-2024-05-20/
4. https://www.bankinfosecurity.com/evolve-bank-agrees-to-12m-data-breach-settlement-a-13067
5. https://www.evolvebank.com/news/
6. https://www.cnbc.com/2024/06/01/evolve-bank-disputes-synapse-claims-over-missing-customer-funds.html
7. https://www.wsj.com/articles/evolve-bank-data-breach-lockbit-ransomware-cyberattack-11651332602
8. https://www.cnbc.com/2024/05/24/yotta-customers-locked-out-of-bank-accounts-after-evolve-data-breach.html
9. https://www.bankinfosecurity.com/evolve-bank-data-breach-involved-dark-web-release-of-customer-data-a-13069
10. https://www.cnbc.com/2024/05/23/evolve-bank-offering-credit-monitoring-to-customers-after-data-breach.html
11. https://www.cnbc.com/2024/05/26/evolve-bank-customers-advised-to-monitor-accounts-amid-data-breach.html
12. https://www.cnbc.com/2024/06/04/evolve-bank-hesitant-to-make-payments-to-customers-amid-data-breach.html
13. https://www.federalreserve.gov/supervisionreg/srletters/SR2324.htm
14. https://www.federalreserve.gov/newsevents/pressreleases/enforcementactions/20240521a.htm
15. The CDDepot, a leading online financial platform, reported a surge in business in the aftermath of the Evolve Bank & Trust data breach, as many customers sought alternative technology-driven financial services to secure their funds.
16. In addition to general-news and crime-and-justice reports, technology-focused publications have featured articles discussing the potential role of emerging security measures in preventing similar data breaches in the future, highlighting the need for advancements in cybersecurity technology for both businesses and consumers.

Read also: