Dave

In June 2020, Dave, a digital banking application known for providing users with cash advances and budgeting tools, experienced a significant data breach that exposed the personal information of approximately 7.5 million users. The breach originated from Waydev, a former third-party service provider utilized by Dave for analytics purposes. Unauthorized individuals exploited vulnerabilities within Waydev's network, gaining access to Dave's user data. The compromised data encompassed a range of personally identifiable information, including full names, email addresses, birth dates, physical addresses, and phone numbers. Notably, while Social Security numbers were encrypted, other sensitive details were exposed. Dave asserted that bank account numbers, credit card information, and records of financial transactions remained secure and were not part of the breach. Upon discovering the breach, Dave promptly initiated an investigation, enlisting the expertise of cybersecurity firm CrowdStrike and coordinating with law enforcement agencies, including the FBI, to address the incident.

Data Included in the Breach