The situation surrounding the data breach that is affecting a growing number of fintech companies is getting even stranger. Evolve Bank & Trust announced last week that it had been hacked and confirmed that the stolen data had been posted to the dark web. Now, Evolve has sent a cease and desist letter to the newsletter writers who have been reporting on the ongoing situation.
Jason Mikula, author of industry publication Fintech Business Weekly, told TechCrunch that he received cease and desist letters from banks ordering them to stop sharing dark web files with fintech companies that were allegedly affected.
Mikula told TechCrunch that while he hadn't actually shared any such information, he had offered to do so and had seen some of the files. Viewing hacked information is a common practice among journalists reporting on security breaches as a way to verify that a breach occurred and what was stolen.
Regarding this case, Mikula said he had been in contact with four people who had access to some of the files stolen in the break-in and posted on the dark web, and that he had personally looked at some of the data.
The crux of the problem, according to Mikula's industry insiders, is that not all of the affected fintech companies have received details of what information was stolen in the breach.
“My understanding is that some fintech companies did not receive 'confirmation' from Evolve about what had been compromised, and therefore did not take action to mitigate the risk or notify users,” Mikula told TechCrunch.
Mikula said he believes that “by looking at the files, we will be able to (1) see that a breach occurred and examples of what data fields were included, and (2) identify the specific customers that were affected.”
Mikula posted information about fintech companies that were identified as being involved with X and reported them in a newsletter. X users like Parrot Capital have even praised him: “Jason has provided better customer service than anyone else to those affected by the Evolve Bank breach,” Parrot Capital said. Posted in X.
“I woke up to C&D,” Mikula said yesterday. He added that he was reporting on the situation responsibly and would continue to do so. TechCrunch has reached out to Evolve for comment.
Meanwhile, while Evolve was sending its lawyer's letter to Mikula, on July 1, a group of senators publicly called on officials at troubled fintech company Synapse to take action. They are calling on Synapse's owners, fintech companies, and banking partners (including Evolve) to “immediately restore access to customers' funds.” Synapse was pressured to file for Chapter 7 bankruptcy protection in May and completely liquidated its business. Customers have been locked out ever since.
The senators hold both the company's partners and investors responsible for the disappearance of customer funds. Their letter alleges that between $65 million and $95 million worth of funds are missing, but Synapse and all the other companies, including Evolve, claim that if this is true, they are not responsible. They are all blaming others.
The letter was addressed to W. Scott Stafford, president and CEO of Evolve Bank & Trust, but was also sent to key investors in failed banking-as-a-service startup Synapse, as well as the company's major bank and fintech partners.
Want more fintech news delivered to your email? Sign up for TechCrunch Fintech here.
Want to share a tip? Email me at maryann@techcrunch.com or message me on Signal at 408.204.3036. You can also message the entire TechCrunch staff at tips@techcrunch.com. If you'd like to communicate more securely, click here to contact us, which also includes links to SecureDrop (instructions here) and other encrypted messaging apps.