Yieldstreet Reports Its Users Impacted by Evolve Bank Data Breach

Yieldstreet, an alternative investment service, has recently disclosed that its client base is among those impacted by the data breach at Evolve Bank and Trust, as per exclusive information obtained by TechCrunch. 

Clare Burrows, a representative for Yieldstreet, communicated with TechCrunch on Tuesday, revealing that “certain data pertaining to Yieldstreet clients” might have been compromised due to the breach at Evolve. 

“In response, we’ve made all potentially impacted customers aware and are continuing to adhere to the highest standards in dealing with incidents related to third-party cyber security,” explained Burrows via email.

However, Burrows did not provide details regarding the exact nature of the stolen customer data or the total number of customers affected.

Previously, Evolve, a banking institution favored by many fintech enterprises, admitted to being the victim of a cybersecurity attack that jeopardized “data and personal information belonging to certain retail bank customers and clients of financial technology partners.” 

So far, TechCrunch has confirmed through various sources that customers from the following entities were compromised by the data leak at Evolve: Affirm, Branch, EarnIn, Marqeta, Melio, Mercury, Yieldstreet, and Wise. 

Jason Mikula, a fintech journalist, shared on X that Evolve partner, Branch, has notified its customers about being impacted by the incident at Evolve. 

A spokesperson for Branch, speaking to TechCrunch on Tuesday, mentioned that the company is “closely collaborating with Evolve to fully understand the extent and effect of this incident on Branch account holders.”

“We proactively sent out emails to account holders informing them about the breach and encouraged them to stay vigilant in monitoring their account activities and safeguarding their login credentials. We also assured them of the uncompromised security of Branch’s platform and mobile app,” stated the spokesperson in an email. 

Mikula further revealed that Juno, a cryptocurrency service, and Yotta, a financial technology company, were also victims of the Evolve data breach. His newsletter Fintech Business Weekly contained a report based on the analysis of the data leaked online by the cybercrime syndicate LockBit, who took responsibility for the hack. According to Mikula’s findings, other potential victims include Bitfinex, BrightSide, Copper Banking, Dave, Fund That Flip, Juno, Nomad, Rho, and SoLo Funds. 

Out of these, only SoLo, Nomad, and Bitfinex responded to inquiries from TechCrunch. A spokesperson for SoLo opted not to comment. A representative for Nomad acknowledged the impact of the Evolve data breach, but stressed that “all Nomad accounts remain secure and can continue being used as usual,” also noting Nomad had ended their partnership with Evolve the preceding year. A spokesperson from Bitfinex assured that their “platform and data remained untouched by this incident.”

The full extent of the breach and the complete list of affected companies remain uncertain. Eric Helvie, a spokesperson for Evolve, refrained from disclosing the number of partner entities or clients that suffered from the breach, instead directing inquiries to an announcement on Evolve’s website.

This article now includes a statement from Nomad.

UPDATE, July 3, 10:20 a.m. ET: The article has been updated for precision to delineate that the entity impacted by the Evolve breach is Copper Banking, different from Copper. A representative for Copper clarified, “Evolve Bank does not handle any data from Copper, hence no Copper data was at risk of being affected by Evolve Bank’s system breach.” We apologize for the mistake.

UPDATE, July 3, 10:27 a.m. ET: This article has been edited to incorporate a comment from Bitfinex.