Law Firm Launches Probe After Citizens Bank Data Appears on Dark Web, Exposing 3.4 Million Records

Everest gang posted Citizens Bank data on dark web leak site around April 20, 2026, exposing 3.4 million records. Edelson Lechtzin LLP investigates privacy claims.

Peter Olaleru

Cybersecurity Editor

Source: Classaction

TL;DR: On or about April 20, 2026, the Everest ransomware gang posted Citizens Bank data on its dark web leak site, claiming 3.4 million records. Edelson Lechtzin LLP has opened an investigation into possible privacy claims stemming from the exposure.

Context: Everest operates as a double‑extortion ransomware group, stealing data before encrypting systems and threatening to publish it unless a ransom is paid. The gang’s leak site appeared on underground forums around the same date, showing samples of financial information attributed to Citizens Bank and another U.S. bank.

Key Facts: The gang alleges it holds approximately 3.4 million Citizens Bank records, including names, home addresses, and account numbers. The data surfaced on the Everest leak site on or about April 20, 2026. Edelson Lechtzin LLP, a national class‑action firm, announced on April 22, 2026 that it is evaluating data‑privacy claims for individuals potentially affected by the incident.

What It Means: Exposed personal data increases the risk of identity theft and fraud for affected customers. Legal scrutiny may follow, with potential class‑action suits seeking compensation for damages and heightened regulatory attention on the bank’s security practices.

What Defenders Should Do: Enforce multi‑factor authentication on all remote access points, especially VPN and RDP services. Apply the latest patches for known vulnerabilities in perimeter devices (e.g., CVE‑2022‑22965 for Spring4Shell if relevant). Deploy endpoint detection and response tools to flag credential dumping and lateral movement (MITRE ATT&CK T1003, T1021). Monitor dark‑web mentions of organizational names and implement alerts for new leak‑site postings. Conduct regular tabletop exercises that simulate ransomware‑data‑theft scenarios to improve response times.

Watch for any public release of the claimed 3.4 million records, regulatory filings from Citizens Bank, and developments in the Edelson Lechtzin LLP investigation as they shape the next steps for affected individuals and the broader financial sector.
