Evolve Bank & Trust will pay $11.8 million to claimants of a proposed class action for allegedly failing to protect customers’ private information during a 2024 data breach.
The Memphis, Tennessee-based bank “had inadequate data security, was unjustly enriched by the use of the Private Information, and improperly or inadequately notified potentially impacted individuals” in relation to the data breach, according to claimants in a Tuesday filing.
The bank noticed in May 2024 that “some of its systems were not working properly” and subsequently realized a breach, specifically a ransomware attack by hacker group LockBit, was to blame.
Hackers accessed and downloaded customer information between February and May of last year. Evolve notified customers on June 26.
The proposed class action lawsuit, filed in the U.S. District Court for the Western District of Tennessee, is a combination of some 34 class action lawsuits related to the hack and is made up of more than 18 million people, court documents show. Individual claimants can request up to $3,000.
“In mid-summer 2024, Evolve Bank & Trust announced that it was the victim of a cyberattack,” an Evolve spokesperson said in an email to Banking Dive. “There was no evidence that the criminals accessed any customer funds. The security team remediated the vulnerability, further strengthened its security response protocols, policies and procedures, and our ability to detect and respond to suspected incidents to further unauthorized access. We look forward to putting this behind us and moving forward with our business operations.”
Claimants’ attorneys did not respond to a request for comment.
The settlement agreement comes amid a separate ongoing saga in which thousands of customers of fintechs Yotta, Juno and Copper, which used Evolve as a partner bank, have been unable to access millions of dollars in funds since last spring.
The issues began with the bankruptcy of middleware firm Synapse, which connected the fintechs to Evolve and a handful of other banks.
Following the bankruptcy, it was revealed that approximately $85 million in funds belonging to about 100,000 customers could not be traced due to irregularities in ledgers, which led to incorrect fund balances, according to a lawsuit filed against Evolve and other banks in November.
Many users have received their funds in recent months, including a recent disbursement in March of an undisclosed amount. But according to the r/yotta page on message board site Reddit, which has been active since customers were locked out of their funds last year, others have not.
One such customer, Leticia Barros of Brattleboro, Vermont, filed for reconciliation with Evolve only to receive $2.78 of the nearly $27,000 she’d saved in her Yotta account. Yotta told her that her funds were with Evolve.
“I’ve been doing everything the Fight for Our Funds group recommends, but no luck,” she said Thursday, referencing an organized effort by customers seeking to get their funds back. “But I heard many people got back 100% recently … they mysteriously found more money they swore they never had.”