Block has confirmed the Cash App data breach in which a former employee obtained reports from the application containing some US customer information.
On April 4, Block said that the information was accessed by the insider on December 10 in a filing with the Securities and Exchange Commission (SEC):
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.”
Those stolen reports included full names and brokerage account numbers of some users, in addition to “brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.”
The company contacted 8.2 million customers about the Cash App data breach
Block did not close down discussion on how many customers are affected by the Cash App data breach. But the company has contacted around 8.2 million current and former clients about the matter.
Block says stolen reports does not include personal information beyond names:
“The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information.”
The firm has launched an internal investigation and is notifying the relevant regulatory bodies and law enforcement after learning of the event four months after it happened.
Danika Owsley from Cash App told TechCrunch that:
“At Cash App we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”