FloatMe Data Breach: Account Credentials Exposed
Photo by Marga Santoso on Unsplash
By Join The Case · Published January 7, 2026 · 6 min read
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the FloatMe data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

See Featured Articles
Petco Data Breach Affects Subscriber Privacy Petco Data Breach Affects Subscriber Privacy Were you hired to help train AI models? Were you hired to help train AI models? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? The Washington Post Data Breach: SSNs Exposed The Washington Post Data Breach: SSNs Exposed Late-Night and Early-Morning Unwanted Text Messages Late-Night and Early-Morning Unwanted Text Messages

FloatMe Data Breach Lawsuit Investigation

On December 8, 2025, FloatMe detected a credential-stuffing attack that allowed an unauthorized actor to access certain user accounts. The company has since notified consumers and regulators. If you received a FloatMe data breach letter, use the information below to protect your identity and explore potential legal claims.

Download Official Breach Notice (PDF)

Incident Overview

  • Date of unauthorized access: December 8, 2025
  • Consumer notice sent: January 5, 2026
  • Regulatory filing: Maine Attorney General on January 6, 2026
  • Type of incident: Credential-stuffing attack using login credentials from a non-FloatMe source

What Happened?

According to FloatMe, Corp. ("FloatMe"), a malicious actor attempted to log in to customer accounts using usernames and passwords obtained elsewhere on December 8, 2025. Where the credentials matched, the actor successfully accessed limited account details before FloatMe detected the activity.

Information Exposed

The breach involved different data elements depending on whether the login attempt succeeded:

  • FloatMe login credentials (email and password)
  • Mailing address (subset of users)
  • Phone number (subset of users)
  • Last four digits of linked bank or debit card number (subset of users)
  • Last five posted transactions from the linked account (subset of users)

FloatMe’s Response

FloatMe reports that it:

  • Reset passwords for impacted accounts
  • Shut off the attacker’s access through technical safeguards
  • Canceled any fraudulent cash advances initiated through compromised accounts
  • Continued an internal investigation to validate the scope of the incident

Recommended Next Steps for Affected Users

  • Review your FloatMe and bank account statements for unauthorized activity.
  • Monitor your credit reports for signs of identity theft.
  • Enable multifactor authentication (MFA) in the FloatMe mobile app.
  • Keep breach correspondence and related expenses; they may support a future claim.

Legal Rights & Potential Claims

Data breach victims often pursue compensation for out-of-pocket losses, time spent addressing fraud, and diminished privacy. State and federal laws can entitle consumers to statutory damages when companies fail to adequately safeguard personal information. Consult experienced counsel promptly to preserve your rights.

Company Overview

FloatMe, Corp. ("FloatMe") is a San Antonio-based fintech company that offers small cash advances and budgeting tools through a mobile application.

  • Website: floatme.com
  • Industry: Financial Services
  • Year founded: 2017
  • Headquarters: 110 E Houston St, 7th Floor, San Antonio, Texas, United States
  • Employee count: 11–50
  • Social: FacebookXLinkedInInstagram

Frequently Asked Questions

I received a data breach letter from FloatMe — what should I do?

Confirm the letter’s authenticity, follow the company’s instructions, change your password, enable MFA, and monitor your bank and credit reports for unusual activity.

How do I submit a claim related to the FloatMe data breach?

Keep all breach communications and records of losses, then speak with a qualified data-privacy attorney about filing an individual or class action claim.

Am I eligible to join a lawsuit against FloatMe?

You may qualify if your personal information was involved and you experienced time, expense, or risk as a result. Eligibility depends on the final class definition set by the court.

What information did the FloatMe breach expose?

Exposed data included login credentials and, for some users, address, phone number, the last four digits of a linked bank or debit card, and the last five account transactions.

Did FloatMe offer credit monitoring?

The company notice did not reference complimentary credit monitoring. Consumers should independently monitor their reports and consider placing a fraud alert.

How many people were affected by the FloatMe breach?

FloatMe’s regulatory filing did not specify the total number of affected individuals as of January 6, 2026.

How can I get the official breach notice (PDF) for FloatMe?

You can download the notice filed with the Maine Attorney General using the button near the top of this page.

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now

Meet Our Team

The dedicated professionals committed to helping you understand your legal rights.

Rachel Dapeer

Rachel Dapeer

Founding Partner at Dapeer Law

Learn More
Edgar Cruz

Edgar Cruz

Attorney at Dapeer Law

Learn More
View Full Team Page