Skip to content
3 min read

Class-Action Lawsuit Filed Against Evolve Bank and Trust for Major Data Breach

By: Poynter Law Group on Jul 12, 2024 2:48:30 PM

class action data cyber breach security lawsuit bank evolve
Featured Image

Along with Srourian Law Firm, P.C., of Los Angeles, California, Poynter Law Group, PLLC, of Little Rock, Arkansas, has filed a class-action lawsuit against Evolve Bank and Trust for a data breach that exposed 7.6 million customers’ personally identifiable information to hackers.

Background on Evolve Bank and Trust

Evolve Bank and Trust is an Arkansas-chartered bank that partners with hundreds of fin-tech companies to provide access to banking products. Evolve Bank and Trust has six branches in Arkansas and one in Memphis, Tennessee. Recently, the Federal Reserve issued an enforcement action against Evolve Bank and Trust over deficiencies in its anti-money laundering, risk management, and consumer compliance programs.

Details of the Data Breach

On June 26, 2024, Evolve Bank and Trust announced that a massive and preventable cyberattack had occurred in or around February and May of 2024. The cybercriminals infiltrated Evolve Bank and Trust’s inadequately protected network servers, accessed customers’ highly sensitive, personally identifiable information, and released customers’ information on the dark web. This personally identifiable information includes customers’ names, social security numbers, and sensitive financial information.

Evolve Bank and Trust’s Failure to Protect Data

Evolve Bank and Trust had a duty to keep its customers’ personally identifiable information safe and secure. Evolve Bank and Trust collected and used this information from its customers but failed to implement adequate and reasonable security measures to ensure that this personally identifiable information was safe from unauthorized disclosure. Because of Evolve Bank and Trust’s failure to properly secure and safeguard its customers’ personally identifiable information, cybercriminals were able to infiltrate Evolve Bank and Trust’s network, steal this information, and expose it on the dark web for other criminals to use as they see fit.

FTC Guidelines and Compliance Failures

The Federal Trade Commission has posted numerous guidelines that establish fundamental data security principles for companies like Evolve Bank and Trust. These guidelines explain that companies should:

  1. Protect the sensitive consumer information that they keep;
  2. Properly dispose of personally identifiable information that is no longer needed;
  3. Encrypt information stored on computer networks;
  4. Understand their network vulnerabilities; and
  5. Implement policies to correct security problems.

The FTC’s guidelines recommend that businesses like Evolve Bank and Trust watch out for large amounts of data being transmitted from the system and have a response plan ready in the event of a breach. These FTC guidelines also recommend that companies like Evolve Bank and Trust not maintain information longer than is necessary for authorization of a transaction, limit access to sensitive data, require complex passwords to be used on networks, use industry-based methods for security, monitor for suspicious activity on the network, and verify that third-party service providers have implemented reasonable security measures.

Legal Implications and Duties

Federal law prohibits organizations like Evolve Bank and Trust from engaging in unfair or deceptive acts or practices that affect commerce. But Evolve Bank and Trust’s failure to employ reasonable and appropriate measures to protect its customers from data breaches like these is an unfair act or practice. Evolve Bank and Trust also owed its customers a duty to design, maintain, and test its computer systems, servers, and networks and to implement reasonable data security practices and procedures to ensure that its customers’ personally identifiable information was secure and protected.

Warnings from Federal Law Enforcement

The Federal Bureau of Investigation and U.S. Secret Service have issued warnings to potential targets so they can be aware of, prepare for, and hopefully ward off any attempted cyberattacks. But despite these warnings from federal law enforcement agencies and the general knowledge that banks are potential targets of cyberattacks, Evolve Bank and Trust failed to take appropriate steps to protect its customers from data breaches.

Impact on Customers

At Poynter Law Group, we understand that customers affected by this data breach likely feel frustrated, anxious, and stressed. On average, more than 26 million Americans are victims of identity theft every year. And data breaches like these are often a reason that someone’s identity is stolen. Victims of data breaches must often spend considerable time and money to mitigate the harm caused by the data breach and are at continued and heightened risk of becoming a victim of fraud or identity theft. If you or someone you know has been affected by the Evolve Bank and Trust data breach, please reach out to our firm.

About Poynter Law Group

The class-action lawsuit filed against Evolve Bank and Trust is led by Daniel Srourian of Srourian Law Firm, P.C., and Scott Poynter, Daniel Holland, Scout Snowden, and Clay Ellis of Poynter Law Group, PLLC. Poynter Law Group is a Little Rock-based law firm with proven experience prosecuting complex civil, corporate, consumer, environmental, employment, and medical claims. Poynter Law Group is honored to represent the victims of Evolve Bank and Trust’s data breach and looks forward to bringing justice on behalf of those harmed by Evolve Bank and Trust’s data breach.