Millions of people who currently or previously used the Cash App mobile payment service may have had some of their personal information exposed.
The parent company of Cash App, Block Inc., on Monday announced a data breach involving a former employee who downloaded reports that contained customer information associated with Cash App Investing.
The worker was no longer employed by the company when the reports were downloaded on December 10, 2021, according to a filing with the U.S. Securities and Exchange Commission.
"While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended," the filing states.
Information in the reports included full names, brokerage account numbers, brokerage portfolio values, brokerage portfolio holdings and/or stock trading activity for one trading day, according to the company.
Block did not specify how many customers may have been affected by the breach, but said it was notifying 8.2 million current and former customers about the situation.
"The Company takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers," Block told the SEC.
Block added that no other personally identifiable information -- such as passwords, social security numbers, addresses, payment or bank account information -- was compromised by the breach. Other than stock activity, no other Cash App products or features were impacted. Customers outside of the U.S. were also not affected.
A Cash App spokesperson said the company and police are continuing to investigate.
"Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm," spokesperson Danika Owsley told TechCrunch. "We know how these reports were accessed, and we have notified law enforcement."
Related
Related
