Yieldstreet says some of its customers were affected by the Evolve Bank data breach

The alternative investment platform Yieldstreet is the latest company to reveal that its customers were affected by the recent data breach at Evolve Bank and Trust, TechCrunch has exclusively learned.

On Tuesday, Yieldstreet spokesperson Clare Burrows confirmed to TechCrunch that “some Yieldstreet customer information may have been impacted” as a consequence of the Evolve breach.

“We have communicated this to all potentially affected customers and continue to follow best practices regarding third-party cybersecurity incidents,” Burrows said in an email.

Burrows declined to say exactly what kind of customer information was stolen, nor how many customers were affected.

Last week, Evolve, which is a popular financial institution for fintech startups, announced that a cyberattack affected “the data and personal information of some Evolve retail bank customers and financial technology partners’ customers.”

As of this writing, the following companies have confirmed to TechCrunch that their customers were affected by the Evolve breach: Affirm, Branch, EarnIn, Marqeta, Melio, Mercury, Yieldstreet and Wise.

On Monday, Jason Mikula, a fintech reporter, wrote on X that Branch, an Evolve partner, notified customers that it was affected by the Evolve incident.

A Branch spokesperson told TechCrunch on Tuesday that the company “continues to work with Evolve to understand the scope and the impact this incident may have on Branch account holders.”

“Out of an abundance of caution, we issued an email notification to account holders about the incident and urged them to exercise vigilance in monitoring account activity and protecting their account credentials. We also reassured them that the safety and security of the Branch platform and mobile application had not been compromised,” the spokesperson wrote in an email.

Mikula also reported that Juno, a crypto service company, and Yotta, a fintech company, were affected by the Evolve breach. In his newsletter Fintech Business Weekly, Mikula reported having reviewed stolen data from Evolve, which was posted online by the cybercrime gang LockBit. LockBit has claimed responsibility for the hack. According to the data, Mikula wrote, the following companies may have also been affected: Bitfinex, BrightSide, Copper Banking, Dave, Fund That Flip, Juno, Nomad, Rho and SoLo Funds.

None of the above companies responded to TechCrunch’s request for comment, except for SoLo, Nomad, and Bitfinex. A SoLo spokesperson declined to comment. A Nomad spokesperson confirmed that it was affected by the Evolve breach, but also said that "it's important to highlight that all Nomad accounts are secure and can continue to be used normally," and that the company terminated its partnership with Evolve last year. A Bitfinex spokesperson said that the company's "systems and data were not compromised in this incident."

It’s likely that we still don’t know of several other companies. When reached by TechCrunch, Evolve spokesperson Eric Helvie declined to say how many of the bank’s partner companies or clients were affected by the breach. Instead, Helvie referred us to Evolve's blog post regarding the incident.

This story has been updated to include comment from Nomad.

UPDATE, July 3 10:20 a.m. ET: This story has been updated to clarify that one of the companies that has been reported to have been affected by the Evolve breach is Copper Banking, and not Copper. The two are different companies, and a Copper spokesperson said that "no Copper data is processed by Evolve Bank, and as a result, no Copper data could potentially be impacted by a breach of Evolve Bank's systems." We regret the error.

UPDATE, July 3, 10:27 a.m. ET: This story was updated to include comment from Bitfinex.