Alternative investment platform Yieldstreet is the latest company to disclose that its clients were affected by the recent data breach at Evolve Bank and Trust, TechCrunch has learned exclusively.
On Tuesday, Yieldstreet spokesperson Claire Burrows confirmed to TechCrunch that “some Yieldstreet customer information may have been affected” as a result of the Evolve breach.
“We have communicated this to all potentially impacted customers and continue to follow best practices regarding third-party cybersecurity incidents,” Burrows said in an email.
Burrows declined to say what type of customer information was stolen or how many customers were affected.
Last week, Evolve, a financial institution popular with fintech startups, announced that a cyberattack had affected “some data and personal information of Evolve's retail banking customers and customers of its financial technology partners.”
At the time of writing, Affirm, Branch, EarnIn, Marqeta, Melio, Mercury, Yieldstreet and Wise have all confirmed to TechCrunch that their customers were affected by the Evolve breach.
On Monday, fintech reporter Jason Mikula wrote for X that Evolve's partner, Branch, had notified customers that they were affected by the Evolve incident.
A Branch spokesperson told TechCrunch on Tuesday that the company “continues to work with Evolve to understand the scope and impact of this incident on Branch account holders.”
“Out of an abundance of caution, we notified account holders about this incident via email and encouraged them to be diligent in monitoring their account activity and protecting their account credentials. We also assured them that the safety and security of the Branch platform and mobile applications were not compromised,” the spokesperson said in an email.
Mikula also reported that cryptocurrency services company Juno and fintech company Yotta were also affected by the Evolve breach. Mikula reported in his newsletter, Fintech Business Weekly, that he had looked at stolen data from Evolve that was posted online by cybercrime group Lockbit, which claimed responsibility for the hack. Mikula wrote that according to his data, Bitfinex, BrightSide, Copper, Dave, Fund That Flip, Juno, Mercury, Nomad, Rho and SoLo Funds may also have been affected.
None of the companies responded to TechCrunch's requests for comment, while SoLo declined to comment.
There are likely a few other companies who are still in the dark. When TechCrunch reached out to Evolve spokesman Eric Helvie, he wouldn't say how many of the bank's partners or clients were affected by the breach. Instead, Helvie pointed us to an Evolve blog post about the incident.