Earnin inadvertently sends encrypted personal info of Lead Bank customers to another partner bank

On Oct. 14, 2025, Activehours, Inc. d/b/a EarnIn, a company specializing in earned wage access, discovered a data breach that impacted more than 21,000 Texas residents. According to a notices sent to consumers, the breach occurred between April 2025 and Oct. 15, 2025, when EarnIn’s system inadvertently sent encrypted personal information of Lead Bank customers to another partner bank. Lead Bank is one of EarnIn’s partners supporting its Early Pay product.

The information included full names, dates of birth, addresses and Social Security numbers. Notably, the data was encrypted and was sent only to another regulated financial institution, which is subject to federal and state oversight and contractual confidentiality requirements.

The breach was reported to the Texas and Washington Attorney Generals' offices on Nov. 12, 2025 and company notified affected individuals by email. So far, this incident has impacted at least 21,178 residents in Texas and 3,412 in Washington.

Once the breach was discovered, EarnIn worked to ensure that the partner bank that received the encrypted data destroyed it and did not retain any copies. Additionally, EarnIn reported the incident to the appropriate authorities.