Alternative investment platform Yieldstreet is the latest company to reveal that its clients were affected by the recent data breach at Evolve Bank and Trust, TechCrunch has learned exclusively.
On Tuesday, Yieldstreet spokeswoman Clare Burrows confirmed to TechCrunch that “some Yieldstreet customer information may have been affected” as a result of the Evolve breach.
“We have communicated this to all potentially affected customers and continue to follow best practices regarding third-party cybersecurity incidents,” Burrows said in an email.
Burrows declined to say exactly what kind of customer information was stolen, nor how many customers were affected.
Last week, Evolve, which is a popular financial institution for fintech startups, announced that a cyber attack affected “the data and personal information of certain Evolve retail bank customers and financial technology partner customers.”
As of this writing, the following companies have confirmed to TechCrunch that their customers were affected by the Evolve breach: Affirm, Branch, EarnIn, Marqeta, Melio, HermesYieldstreet and Wise.
On Monday, fintech journalist Jason Mikula, wrote to X that Branch, an Evolve partner, notified customers that it was affected by the Evolve incident;
A Branch spokesperson told TechCrunch on Tuesday that the company is “continuing to work with Evolve to understand the scope and impact this incident may have on Branch account holders.”
“Out of an abundance of caution, we have issued an email notification to account holders regarding the incident and urged them to exercise vigilance in monitoring account activity and protecting their account credentials. We also assured them that the safety and security of Branch’s platform and mobile app had not been compromised,” the spokesperson wrote in an email.
Mikula too reported that Junoan encryption service provider and Yotaa fintech company, were affected by the Evolve breach. In its Fintech Business Weekly newsletter, Mikula reported that he reviewed stolen data from Evolve, which was posted online by the LockBit cybercrime gang. LockBit claimed responsibility for the hack. According to the evidence, Mikula wrote, the following companies may also have been affected: Bitfinex, BrightSide, Copper, Dave, Fund That Flip, Juno, Nomad, Rho and SoLo Funds.
None of the above companies responded to TechCrunch’s request for comment, except for SoLo, which declined to comment.
It’s possible that we don’t know many other companies yet. When reached by TechCrunch, Evolve spokesman Eric Helvie declined to say how many of the bank’s partner companies or customers were affected by the breach. Instead, Helvie referred us Evolve’s blog post about the incident.
