Data Incident

Data Incident

1 minute read

Dear Earnin Community, 
 
In February 2019, Earnin learned that white-hat security researchers had discovered a mistakenly exposed cloud cluster. We hold ourselves to an extremely high standard and maintain that your data should never be shared or used in ways you do not intend. 
 
We regret this error.
 
The data involved were bank transaction records. These types of records do not contain data elements such as customer bank account numbers, balances, user names, passwords, GPS data, phone UDID, home or work addresses, or credit card numbers as part of their standard structure.  We have seen no evidence that our customers or their personal data were jeopardized.
 
Upon learning of this error, we corrected it immediately. We also engaged a leading cybersecurity response firm to conduct a thorough investigation. Following a comprehensive review, the cybersecurity firm found no evidence of malicious access or acquisition of the exposed dataset and confirmed that all evidence reviewed is consistent with legitimate activity conducted by researchers. 
 
We have further strengthened our systems and procedures to prevent this from happening again. We know that when you use Earnin to access pay for the hours you have worked, you are trusting us with your livelihood. We will continue working hard to continue to honor that trust.
 
If you have any questions about this issue or our privacy and security policies, please contact us at privacy@earnin.com.