Breach cyber

Dave, Inc.

Jun 23, 2020 1 min read
Dave, Inc.

The Washington State Office of the Attorney General reported a data breach involving Dave, Inc. on August 20, 2020. The breach, which affected approximately 40,998 Washington residents, occurred due to unauthorized access stemming from a former third-party service provider, with the breach taking place between June 23 and July 1, 2020. Exposed information included names, email addresses, dates of birth, and Social Security numbers stored in encrypted form.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10253

TPRM report: https://www.rankiteo.com/company/dave-com

"id": "dav121072725",
"linkid": "dave-com",
"type": "Breach",
"date": "6/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 40998,
                        'industry': 'Financial Services',
                        'location': 'Washington',
                        'name': 'Dave, Inc.',
                        'type': 'Company'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'data_encryption': 'Yes',
                 'number_of_records_exposed': 40998,
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'email addresses',
                                              'dates of birth',
                                              'Social Security numbers']},
 'date_detected': '2020-08-20',
 'date_publicly_disclosed': '2020-08-20',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Dave, Inc. on August 20, 2020. The '
                'breach, which affected approximately 40,998 Washington '
                'residents, occurred due to unauthorized access stemming from '
                'a former third-party service provider, with the breach taking '
                'place between June 23 and July 1, 2020. Exposed information '
                'included names, email addresses, dates of birth, and Social '
                'Security numbers stored in encrypted form.',
 'impact': {'data_compromised': ['names',
                                 'email addresses',
                                 'dates of birth',
                                 'Social Security numbers']},
 'initial_access_broker': {'entry_point': 'Third-party service provider'},
 'post_incident_analysis': {'root_causes': 'Unauthorized access through a '
                                           'former third-party service '
                                           'provider'},
 'references': [{'date_accessed': '2020-08-20',
                 'source': 'Washington State Office of the Attorney General'}],
 'threat_actor': 'Unknown',
 'title': 'Data Breach at Dave, Inc.',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Third-party service provider'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.