Evolve Bank & Trust recently fell victim to a cyber attack orchestrated by the Russian-linked hacker group LockBit 3.0, resulting in the exposure of customer data on the dark web. This incident occurred shortly after regulators ordered the Arkansas based lender to enhance its risk management and seek approval for new partnerships. While Evolve has confirmed that the breach has been contained and is being investigated with law enforcement, the bank has not disclosed specific details about the stolen information. To mitigate the impact, Evolve is offering affected customers complimentary credit monitoring and identity theft protection services. LockBit 3.0, known for its ransomware-as-a-service operations, claimed responsibility for the attack on Evolve and previously alleged a breach of the US Federal Reserve, although no sensitive Fed data has been released. The group’s tools remain active despite a prior international law enforcement operation targeting its malware system. The compromised information from Evolve includes tax identification numbers, wire transfers, and settlements, posing significant risks of identity theft and extortion for those affected. This breach underscores ongoing vulnerabilities in cybersecurity, especially within financial institutions that partner with fintech companies.