The LockBit ransomware group recently threatened to release data allegedly stolen from the US Federal Reserve, but leaked data apparently taken from an Arkansas-based financial organization.
A post added to the LockBit group’s website on June 23 claimed that 33 Tb of data from the Federal Reserve would soon be leaked. The announcement came shortly after an international law enforcement crackdown on LockBit operations and the unmasking of the gang’s alleged mastermind.
On June 26, LockBit did publish links to 33 Tb of data under a ‘federalreserve.gov’ post on its website, but an analysis showed that the information likely comes from Evolve Bank & Trust, a relatively small financial services company, rather than from the United States’ central bank.
It’s worth noting that many members of the cybersecurity community expressed skepticism over LockBit’s claims when it announced hacking the Federal Reserve.
Evolve Bank & Trust on Wednesday informed retail bank customers and the customers of financial technology partners that it has launched an investigation into an incident that may involve personal information getting compromised.
“It appears these bad actors have released illegally obtained data, including Personal Identification Information (PII), on the dark web. The data varies by individual but may include your name, Social Security Number, date of birth, account information and/or other personal information,” Evolve Bank said in a notice on its website.
The company is confident that the breach has been contained and noted that “Evolve retail banking customers’ debit cards, online, and digital banking credentials do not appear to be impacted by the cybersecurity incident.”
The Federal Reserve Board recently issued an enforcement action against Evolve Bank & Trust for deficiencies in its anti-money laundering, risk management, and consumer compliance programs. This may be the connection that resulted in the cybercriminals claiming a Federal Reserve hack.
“We suspected the affiliate (who probably doesn’t know English) saw a document that said ‘United States Federal Reserve’ and thought it was that,” the Vx-Underground research and threat intelligence group said.
SecurityWeek contacted the Federal Reserve for comment when LockBit first announced the ‘hack’, but we have yet to hear back.
Following the law enforcement crackdown, LockBit once again appears to have become the most active ransomware group, but experts believe the cybercriminals may just be inflating the number of victims.
Related: FBI Says It Has 7,000 LockBit Ransomware Decryption Keys
Related: LockBit Takes Credit for City of Wichita Ransomware Attack
