Along with Srourian Law Firm, P.C., of Los Angeles, California, Poynter Law Group, PLLC, of Little Rock, Arkansas, has filed a class-action lawsuit against Evolve Bank and Trust for a data breach that exposed 7.6 million customers’ personally identifiable information to hackers.
Evolve Bank and Trust is an Arkansas-chartered bank that partners with hundreds of fin-tech companies to provide access to banking products. Evolve Bank and Trust has six branches in Arkansas and one in Memphis, Tennessee. Recently, the Federal Reserve issued an enforcement action against Evolve Bank and Trust over deficiencies in its anti-money laundering, risk management, and consumer compliance programs.
On June 26, 2024, Evolve Bank and Trust announced that a massive and preventable cyberattack had occurred in or around February and May of 2024. The cybercriminals infiltrated Evolve Bank and Trust’s inadequately protected network servers, accessed customers’ highly sensitive, personally identifiable information, and released customers’ information on the dark web. This personally identifiable information includes customers’ names, social security numbers, and sensitive financial information.
Evolve Bank and Trust had a duty to keep its customers’ personally identifiable information safe and secure. Evolve Bank and Trust collected and used this information from its customers but failed to implement adequate and reasonable security measures to ensure that this personally identifiable information was safe from unauthorized disclosure. Because of Evolve Bank and Trust’s failure to properly secure and safeguard its customers’ personally identifiable information, cybercriminals were able to infiltrate Evolve Bank and Trust’s network, steal this information, and expose it on the dark web for other criminals to use as they see fit.
The Federal Trade Commission has posted numerous guidelines that establish fundamental data security principles for companies like Evolve Bank and Trust. These guidelines explain that companies should:
The FTC’s guidelines recommend that businesses like Evolve Bank and Trust watch out for large amounts of data being transmitted from the system and have a response plan ready in the event of a breach. These FTC guidelines also recommend that companies like Evolve Bank and Trust not maintain information longer than is necessary for authorization of a transaction, limit access to sensitive data, require complex passwords to be used on networks, use industry-based methods for security, monitor for suspicious activity on the network, and verify that third-party service providers have implemented reasonable security measures.
Federal law prohibits organizations like Evolve Bank and Trust from engaging in unfair or deceptive acts or practices that affect commerce. But Evolve Bank and Trust’s failure to employ reasonable and appropriate measures to protect its customers from data breaches like these is an unfair act or practice. Evolve Bank and Trust also owed its customers a duty to design, maintain, and test its computer systems, servers, and networks and to implement reasonable data security practices and procedures to ensure that its customers’ personally identifiable information was secure and protected.
The Federal Bureau of Investigation and U.S. Secret Service have issued warnings to potential targets so they can be aware of, prepare for, and hopefully ward off any attempted cyberattacks. But despite these warnings from federal law enforcement agencies and the general knowledge that banks are potential targets of cyberattacks, Evolve Bank and Trust failed to take appropriate steps to protect its customers from data breaches.
At Poynter Law Group, we understand that customers affected by this data breach likely feel frustrated, anxious, and stressed. On average, more than 26 million Americans are victims of identity theft every year. And data breaches like these are often a reason that someone’s identity is stolen. Victims of data breaches must often spend considerable time and money to mitigate the harm caused by the data breach and are at continued and heightened risk of becoming a victim of fraud or identity theft. If you or someone you know has been affected by the Evolve Bank and Trust data breach, please reach out to our firm.
The class-action lawsuit filed against Evolve Bank and Trust is led by Daniel Srourian of Srourian Law Firm, P.C., and Scott Poynter, Daniel Holland, Scout Snowden, and Clay Ellis of Poynter Law Group, PLLC. Poynter Law Group is a Little Rock-based law firm with proven experience prosecuting complex civil, corporate, consumer, environmental, employment, and medical claims. Poynter Law Group is honored to represent the victims of Evolve Bank and Trust’s data breach and looks forward to bringing justice on behalf of those harmed by Evolve Bank and Trust’s data breach.