Yieldstreet and Affirm are the latest in the growing list of financial organizations hit by the recent cyberattack on Evolve Bank and Trust.
The online investment platform said TechCrunch that “some Yieldstreet customers may have been affected” as a result of the incident at the bank.
“We have communicated this to all potentially affected customers and continue to follow best practices regarding third-party cybersecurity incidents,” a Yieldstreet spokesperson told the publication. So far, the company has declined to say how many people were affected or what kind of data was stolen in the attack.
“Desperate” attempt to get attention
Evolve Bank & Trust recently confirmed that some of its systems had been disrupted. Further investigation revealed that this was due to ‘unauthorised activity’ as LockBit hackers attempted to install ransomware on the bank’s IT systems.
LockBit gained access to the bank’s IT infrastructure when an employee “accidentally clicked on a malicious internet link”. Although the gang stole data from the systems, it was unable to cause further damage because the company had quickly implemented backups.
After this, LockBit leaked the data on the dark web, falsely claiming that it had hacked the US Federal Reserve Bank.
However, the data appears to belong to Evolve’s many banking partners, including Affirm, Branch, EarnIn, Marqeta, Melio, Mercury and Wise, all of which have confirmed they have customers affected by the incident.
“Out of an abundance of caution, we sent an email notification to account holders about the incident and urged them to be vigilant in monitoring account activity and protecting their account data. We also reassured them that the safety and security of the Branch platform and mobile application were not compromised,” a spokesperson told the publication in an email.
When LockBit leaked the data and claimed it was from the Fed, many analysts said the group was in a “desperate bid for attention” since Operation Cronos was severely disrupting it. However, when they look at all the organizations affected, they may have to rethink the “desperate” part.