The situation surrounding a data breach that has affected an ever-increasing number of fintech companies has gotten even stranger. Evolve Bank & Trust announced last week that it had been hacked and confirmed that the stolen data has been posted on the dark web. Now Evolve has sent a cease and desist letter to the editor of a newsletter covering the ongoing situation.
Jason Mikula, author of the prestigious industry publication Fintech Business Weekly, told TechCrunch that he received cease and desist letter by the bank that told him not to share files from the dark web with any allegedly affected fintech companies.
Mikula told TechCrunch that he didn’t actually do such sharing, but offered to do so and saw some of the files. Examining breached information is a common practice among journalists when reporting on security breaches as a way to confirm that a breach occurred and what was done.
In this case, Mikula said he is connected to four people who have access to some of the files stolen in the breach and posted on the dark web, and has reviewed some of the data himself.
The bottom line is that not all affected fintechs have received details about the information stolen in the breach, according to Mikula’s industry sources.
“As I understand it, some fintechs had not received ‘confirmation’ from Evolve about what had been breached and therefore had not acted to mitigate the risk or notify users,” Mikula told TechCrunch.
Mikula believes that “seeing the records would allow them to (1) confirm that a breach had occurred and examples of the data fields that were included and (2) allow them to identify specific customers that were affected,” he said.
Mikula has been publishing information about fintechs confirmed to be involved in X and reported on it in his newsletter. So much so that X-users like Parrot Capital have praised him. “Jason is providing better customer service to those affected by the Evolve Bank breach than anyone,” Parrot posted on X.
Mikula said yesterday that he “woke up with C&D.” He added that he is reporting the situation responsibly and will continue to do so. TechCrunch has reached out to Evolve for comment.
Meanwhile, while Evolve was fielding letters from attorneys to Mikula, on July 1, a group of senators publicly urged those involved with a troubled fintech, Synapse, to act. They want Synapse’s owners, its fintech and banking partners — including Evolve — to “immediately restore customers’ access to their money.” Synapse was forced to file for Chapter 7 bankruptcy in May, completely liquidating its business. Customers have been frozen ever since.
The senators implicated both the firm’s partners and investors as being responsible for any missing client funds. The senators’ letter claims $65 million to $95 million worth of funds are missing, but Synapse and all the other players, including Evolve, claim that if that’s true, they’re not responsible. Everyone is pointing fingers at others.
The letter was addressed to W. Scott Stafford, President and CEO of Evolve Bank & Trust, but was also sent to major investors in bankrupt banking-as-a-service startup Synapse, as well as the fintech firm’s main bank and partners.
Want more fintech news in your inbox? Subscribe to TechCrunch Fintech here.
Want to get in touch with a tip? Email me at maryann@techcrunch.com or send me a message on Signal at 408.204.3036. You can also send a note to the entire TechCrunch crew at tips@techcrunch.com. For more secure communications, click here to contact uswhich includes SecureDrop (instructions here) and links to encrypted messaging applications.
