Ransomware
BleepingComputer
Primary Source
Incident Details
Evolve Bank & Trust, an Arkansas-based fintech banking partner, was attacked by the LockBit ransomware gang in late May 2024. An employee clicked a malicious link, granting attackers access. LockBit exfiltrated 33 TB of data including personal data on 7.6 million Americans: names, Social Security numbers, dates of birth, account numbers, and ACH transaction records. The bank declined to pay the ransom; LockBit partially leaked the stolen data. Open banking partners such as Affirm, Wise, and Mercury were also impacted. A proposed $11.85 million class action settlement was reached. The Federal Reserve issued an enforcement action against the bank in June 2024.
Technical Details
- Initial Attack Vector: CWE-601: URL Redirection to Untrusted Site (phishing link clicked by employee)
- Vendor / Product: Evolve Bank & Trust banking platform
- Malware Family: LockBit ransomware
Timeline
- 2024-05-29 Breach occurred
- 2024-06-26 Publicly disclosed
- 2024-07-08 Customers notified