American banking app Dave says a data breach at third party provider Waydev has exposed the personal information of its 7.5 million users.
Dave confirmed the incident after the information - including names, emails, birth dates, addresses and phone numbers - was posted on a public forum.
The startup says that bank account numbers, credit card numbers, records of financial transactions and unencrypted Social Security numbers were not affected.
Says a statement: "Dave has no evidence that any unauthorized actions were taken with any accounts or that any user has experienced any financial loss as a result of this incident."
The data was taken when hackers breached analytics platform Waydev, a former Dave third party partner.
Dave says it is coordinating with law enforcement, is notifying all customers and resetting all passwords.
Launched in 2016 as a personal finance assistant, Dave was valued at $1.2 billion at its last funding round and this year began rolling out a bank account to a two million-strong waitlist.