The mobile payment service Cash App has reported a major security breach involving a former employee and affecting more than 8 million users of its system.
The data relates only to stock market activity
The company Block, formerly known as Square and founded by the former CEO of TwitterJack Dorsey, filed a complaint with the Securities and Exchange Commission (SEC), the US federal financial market regulator. She explains that Cash App, of which she is the parent company, was the victim of data theft from one of her former employees.
This December 10, when he had left his position in the company for several months already, he managed to download documents containing information on users of the service. As explained Vicethis flight concerns only “ full name and brokerage account number (this is the unique identification number associated with a client’s trading activity on Cash App Investing) and, for some clients, brokerage portfolio value, brokerage portfolio holdings and/or trading activity for a trading day “. 8.2 million users are affected; the firm contacts them to provide them with information regarding the incident and share resources with them to answer their questions.
As a reminder, Cash App was initially a mobile payment service, but it has now been developed to allow its users to buy shares and bitcoins. According to the company, no other Cash App features outside of stocks were implicated in the data breach, while no customers outside of the United States are affected by it.
Cash App allows its users to buy bitcoins. Photography: Kanchanara / Unsplash
Cash App attempts to unravel the mystery
« While this employee had regular access to these reports as part of his previous job responsibilities, in this case, these reports were accessed without permission following his employment ended. “says Cash App. Logically, when a person leaves his post, his access to his account and to the information in it is cut off, so it is still difficult to know how he managed to access the documents.
« The reports did not include usernames or passwords, social security numbers, date of birth, payment card information, addresses, bank account information, or any other information that identifies individuals. They also did not include a security code, passcode or password used to access Cash App accounts. “Nevertheless assures Block in his complaint.
This is not the first time that employees of large technology companies have abused the personal data of their users. In 2019 for example, Snapchat employees used a tool to illegally access user information.
