The alternative investment platform Yieldstreet is the latest company to reveal that its customers were affected by the recent data breach at Evolve Bank and Trust, TechCrunch has exclusively learned.
On Tuesday, Yieldstreet spokesperson Clare Burrows confirmed to TechCrunch that “some Yieldstreet customer information may have been impacted” as a consequence of the Evolve breach.
“We have communicated this to all potentially affected customers and continue to follow best practices regarding third-party cybersecurity incidents,” Burrows said in an email.
Burrows declined to say exactly what kind of customer information was stolen, nor how many customers were affected.
Last week, Evolve, which is a popular financial institution for fintech startups, announced that a cyberattack affected “the data and personal information of some Evolve retail bank customers and financial technology partners’ customers.”
As of this writing, the following companies have confirmed to TechCrunch that their customers were affected by the Evolve breach: Affirm, Branch, EarnIn, Marqeta, Melio, Mercury, Yieldstreet and Wise.
Contact Us
Do you have more information about the Evolve breach and how it’s impacting partner companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
On Monday, Jason Mikula, a fintech reporter, wrote on X that Branch, an Evolve partner, notified customers that it was affected by the Evolve incident.
A Branch spokesperson told TechCrunch on Tuesday that the company “continues to work with Evolve to understand the scope and the impact this incident may have on Branch account holders.”
“Out of an abundance of caution, we issued an email notification to account holders about the incident and urged them to exercise vigilance in monitoring account activity and protecting their account credentials. We also reassured them that the safety and security of the Branch platform and mobile application had not been compromised,” the spokesperson wrote in an email.
Mikula also reported that Juno, a crypto service company, and Yotta, a fintech company, were affected by the Evolve breach. In his newsletter Fintech Business Weekly, Mikula reported having reviewed stolen data from Evolve, which was posted online by the cybercrime gang LockBit. LockBit has claimed responsibility for the hack. According to the data, Mikula wrote, the following companies may have also been affected: Bitfinex, BrightSide, Copper, Dave, Fund That Flip, Juno, Nomad, Rho and SoLo Funds.
None of the above companies responded to TechCrunch’s request for comment, except for SoLo and Nomad. A SoLo spokesperson declined to comment. A Nomad spokesperson confirmed that it was affected by the Evolve breach, but also said that “it’s important to highlight that all Nomad accounts are secure and can continue to be used normally,” and that the company terminated its partnership with Evolve last year.
It’s likely that we still don’t know of several other companies. When reached by TechCrunch, Evolve spokesperson Eric Helvie declined to say how many of the bank’s partner companies or clients were affected by the breach. Instead, Helvie referred us to Evolve’s blog post regarding the incident.
This story has been updated to include comment from Nomad.