(Westlaw) A Tennessee federal judge has granted preliminary approval to an $11.8 million settlement between Evolve Bank & Trust and a class of customers whose personal information was exposed in a 2024 data breach.
In re Evolve Bank & Trust Customer Data Security Breach Litigation, No. 24-md-3127, order issued (W.D. Tenn. May 30, 2025).
The settlement appears “fair, reasonable, and adequate,” U.S. District Judge Sheryl H. Lipman of the Western District of Tennessee said May 30, authorizing notice to be sent to the estimated 18 million class members.
Ransomware attack
According to a consolidated class-action complaint filed in January, Evolve experienced an apparent hardware failure in May 2024, after which the bank detected unauthorized activity in some of its computer systems.
The LockBit ransomware gang was behind the attack and leaked customers’ names, Social Security numbers, account numbers, birthdates and contact information after Evolve refused to pay a ransom demand, according to a notice on the bank’s website.
The incident prompted nearly two dozen class-action complaints filed in three federal district courts. The Judicial Panel on Multidistrict Litigation consolidated the actions in October and transferred them to Judge Lipman. In re Evolve Bank & Tr. Customer Data Sec. Breach Litig., MDL No. 3127, 2024 WL 4429367 (J.P.M.L. Oct. 4, 2024).
According to the consolidated complaint, the Federal Reserve Board took an enforcement action against Evolve in June 2024 over the bank’s anti-money laundering, risk management and consumer compliance programs.
The board ordered Evolve to “correct the information technology and information security deficiencies identified in the reports of examination” completed in 2023 and early 2024.
The complaint pointed to the enforcement action as evidence that Evolve “knew or should have known its information systems were vulnerable prior to the data breach.”
Relief for victims
The plaintiffs filed an unopposed motion for preliminary approval of the class settlement, which sought an order certifying the class and approving the settlement agreement.
Judge Lipman granted the motion and conditionally certified a class of people in the United States who provided Evolve with private information that was included in files affected by the data breach.
Under the settlement agreement, Evolve will establish a nonreversionary $11.8 million fund to pay for class member benefits, service awards to class representatives, attorney fees and settlement administration costs.
Class members can elect to receive either a fixed cash payment or compensation for documented losses related to the breach, as well as credit monitoring services.
The judge also provisionally appointed 14 named plaintiffs as class representatives and J. Gerard Stranch IV of Stranch, Jennings & Garvey PLLC as lead counsel.
A final approval hearing is scheduled for Nov. 14.
