Evolve Bank & Trust will pay $11.8 million to settle a class action lawsuit related to a 2024 data breach that exposed millions of customers’ personal information. Court documents filed Tuesday show that customers accused the Memphis-based bank of failing to maintain strong data security and delaying notification to those affected by the breach.
In May 2024, Evolve noticed that some of its systems weren’t working properly. The bank later confirmed that a ransomware attack by the hacking group LockBit caused the issue. Between February and May, the hackers accessed and downloaded customer data. Evolve notified customers about the breach on June 26.
The U.S. District Court for the Western District of Tennessee received a class action lawsuit combining 34 cases, representing over 18 million individuals. Under the proposed settlement, each eligible person can request up to $3,000 in compensation.
An Evolve spokesperson said the bank suffered a cyberattack in mid-2024 but found no evidence that hackers stole customer funds. After the incident, the bank fixed the security vulnerability and improved its systems, protocols, and response processes. “We’re ready to move forward,” the spokesperson said.
Despite the settlement, Evolve faces another issue. Thousands of customers from fintech companies like Yotta, Juno, and Copper—partners of Evolve—have struggled to access their funds since early 2024.
The problem began after Synapse, a middleware firm linking fintechs with banks like Evolve, declared bankruptcy. Officials later discovered that about $85 million from 100,000 customers went missing due to inaccurate records.
Some customers received partial refunds, including a March disbursement. However, many are still waiting. On Reddit, users continue to share their experiences. One customer, Leticia Barros from Vermont, said she received only $2.78 out of the $27,000 she saved through Yotta, which directed her to Evolve.